• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1360
  • Last Modified:

RADIUS or WPA2 security mode?

Hi

I have a query on Wireless security that I was hoping someone could help with.

Most technical journals state that for enterprises/business, WLAN security should comprise of a RADIUS server, PEAP etc. WPA2 is reserved for SOHO.

However, what is the reason for this? Is it because maintaining a passphrase in an enterprise is too much overhead, or actually because the AES encryption used with WPA2 is insecure.

We would like to have a Wireless network in part of our office where there are only about 4-5 people. In this case, building a RADIUS server for such a small amount seems overkill when we can use WPA2 *unless* RADIUS was actually more secure.

We were thinking of a combination of WPA2, MAC address filtering and hiding the SSID, although we realise there are relatively straighforward ways to bypass the last two.

Would be interested to know people's thoughts.

Thanks.
0
Dilan77
Asked:
Dilan77
  • 2
1 Solution
 
Jeff PerkinsOwnerCommented:
The radius by design is more secure.  But wpa2 is relatively new and fairly secure, for now... but your question about insecure?  Well, let's face NOTHING in the ethernet is SECURE... I don't think anyone is beyond being hacked... you just have to weigh the risks versus costs....
0
 
Rob WilliamsCommented:
Do you have an existing server to which you can add the radius service?
If you wish to use RRAS and Windows Radius server, it is fairly easy to set up.
-You need to install Radius, on the server of your choice by going to add remove programs | Windows components | Networking services | Internet Authentication Services.
-Once installed open the Internet Authentication Service under Administrative tools. Right click on "Internet Authentication Service" and "choose register service in Active directory".
-Then in the Routing and Remote Access Console, right click on the server name and choose properties, click on Security and then under Authentication Provider choose Radius Authentication in the drop down menu. Next click Configure and add your Radius server.
-In Active Directory Users and computer, under the user's profile, on the dial-in tab, make sure "control access through Remote Access policy" is checked
-Now you can add policies for authentication for your users in your Radius configuration.

The following links may be of some help:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/ias2000a.mspx
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/ias2000d.mspx
http://technet2.microsoft.com/WindowsServer/en/library/c25dccdf-b91e-4fb1-8846-cd5bcc9bcf0e1033.mspx?mfr=true
http://www.microsoft.com/technet/community/columns/cableguy/cg0404.mspx

You can also create your own radius server with a 3rd party application on an XP box using something like WinRadius:
http://www.itconsult2000.com/en/product/WinRadius.html
0
 
Rob WilliamsCommented:
Thanks Dilan77,
--Rob
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now