Go Premium for a chance to win a PS4. Enter to Win


RADIUS or WPA2 security mode?

Posted on 2006-10-25
Medium Priority
Last Modified: 2013-11-12

I have a query on Wireless security that I was hoping someone could help with.

Most technical journals state that for enterprises/business, WLAN security should comprise of a RADIUS server, PEAP etc. WPA2 is reserved for SOHO.

However, what is the reason for this? Is it because maintaining a passphrase in an enterprise is too much overhead, or actually because the AES encryption used with WPA2 is insecure.

We would like to have a Wireless network in part of our office where there are only about 4-5 people. In this case, building a RADIUS server for such a small amount seems overkill when we can use WPA2 *unless* RADIUS was actually more secure.

We were thinking of a combination of WPA2, MAC address filtering and hiding the SSID, although we realise there are relatively straighforward ways to bypass the last two.

Would be interested to know people's thoughts.

Question by:Dilan77
  • 2
LVL 15

Expert Comment

by:Jeff Perkins
ID: 17807736
The radius by design is more secure.  But wpa2 is relatively new and fairly secure, for now... but your question about insecure?  Well, let's face NOTHING in the ethernet is SECURE... I don't think anyone is beyond being hacked... you just have to weigh the risks versus costs....
LVL 77

Accepted Solution

Rob Williams earned 1000 total points
ID: 17808061
Do you have an existing server to which you can add the radius service?
If you wish to use RRAS and Windows Radius server, it is fairly easy to set up.
-You need to install Radius, on the server of your choice by going to add remove programs | Windows components | Networking services | Internet Authentication Services.
-Once installed open the Internet Authentication Service under Administrative tools. Right click on "Internet Authentication Service" and "choose register service in Active directory".
-Then in the Routing and Remote Access Console, right click on the server name and choose properties, click on Security and then under Authentication Provider choose Radius Authentication in the drop down menu. Next click Configure and add your Radius server.
-In Active Directory Users and computer, under the user's profile, on the dial-in tab, make sure "control access through Remote Access policy" is checked
-Now you can add policies for authentication for your users in your Radius configuration.

The following links may be of some help:

You can also create your own radius server with a 3rd party application on an XP box using something like WinRadius:
LVL 77

Expert Comment

by:Rob Williams
ID: 17843474
Thanks Dilan77,

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This program is used to assist in finding and resolving common problems with wireless connections.
What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question