WPA2 or RADIUS more secure?

Hi

I have a query on Wireless security that I was hoping someone could help with.

Most technical journals state that for enterprises/business, WLAN security should comprise a RADIUS server, PEAP encryption, etc. WPA2 is reserved for SOHO.

However, what is the reason for this? Is it because maintaining a passphrase in an enterprise is too much overhead, or actually because the AES encryption used with WPA2 is insecure?

We would like to have a Wireless network in part of our office where there are only about 4-5 people. In this case, building a RADIUS server for such a small amount seems overkill when we can use WPA2 *unless* RADIUS was actually more secure.

We were thinking of a combination of WPA2, MAC address filtering and hiding the SSID, although we realise there are relatively straightforward ways to bypass the last two.

Would be interested to know people's thoughts.

Thanks.

Reply to
dilan.weerasinghe

The reason for specifying both WPA and RADIUS is that they serve different purposes. WPA is encryption. RADIUS, 802.1x, etc. are for authentication. The major connection is that RADIUS authentication delivers a one-time, unique, WPA encryption key for each session. In other words, you don't need a common company-wide WPA encryption key for the entire network which might leak out to evil hackers like me.

Agreed. However, you can subscribe to RADIUS servers/services on the internet.

formatting link
formatting link
etc... Do it thyself:
formatting link

Forget the MAC address filtering, SSID hiding, DHCP scope limiting, reduced xmit power, and other wasted efforts. Your only real protection is encryption. Everything else just gets in the way.

As long as you don't have to deal with visitors, vendors, and relatives bearing laptops, PDAs, and PDAphones with Wi-Fi, WPA2-PSK is sufficient. The danger is having the system-wide WPA encryption key leak. If that's a possibility (i.e. the boss's son is an aspiring hacker), then I would go for the WPA2-RADIUS solution. Also, you can now get wireless access points and routers with RADIUS built in. Try Zyxel G-2000 plus.

formatting link

Reply to
Jeff Liebermann
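The difference described in the post above, between one network-wide WPA2-PSK key and a per-session key delivered through RADIUS, can be shown with the standard WPA2 key derivations. This is an added example, not code from the thread; the SSID, passphrase, MAC addresses and nonces are constructed sample values, and `eap_pmk()` is a hypothetical stand-in that models the RADIUS-delivered key as fresh random bytes.

```python
import hashlib
import hmac
import os

def psk_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def eap_pmk() -> bytes:
    """Stand-in (assumption) for 802.1X: the PMK comes from fresh per-login EAP
    keying material sent to the AP by the RADIUS server; modelled as random bytes."""
    return os.urandom(32)

def ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """802.11i PRF-384: session key from the PMK plus values exchanged in the handshake."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for i in range(3):  # 3 x 20-byte SHA-1 blocks, truncated to 48 bytes
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                        hashlib.sha1).digest()
    return out[:48]

def demo() -> dict:
    # Constructed sample values, not taken from the thread.
    ssid, passphrase = "OfficeWLAN", "correct horse battery staple"
    ap, sta = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
    anonce, snonce = b"\x11" * 32, b"\x22" * 32
    # PSK: everyone who knows the passphrase derives the same PMK, so every
    # session key on the network rests on that one shared secret.
    pmk_alice, pmk_bob = psk_pmk(passphrase, ssid), psk_pmk(passphrase, ssid)
    # 802.1X: each login gets its own PMK; there is no network-wide key.
    pmk_eap1, pmk_eap2 = eap_pmk(), eap_pmk()
    return {
        "psk_pmk_shared": pmk_alice == pmk_bob,
        "psk_ptk_reproducible": ptk(pmk_alice, ap, sta, anonce, snonce)
                                == ptk(pmk_bob, ap, sta, anonce, snonce),
        "eap_pmk_shared": pmk_eap1 == pmk_eap2,
    }

if __name__ == "__main__":
    print(demo())
```

Because the SSID is only the PBKDF2 salt and the MAC addresses are only PRF inputs, hiding the SSID or filtering MACs adds nothing to the key strength; in PSK mode the passphrase is the sole secret.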

Thanks Jeff.

Since the wireless LAN would only be for the use of a couple of people, I see no reason why the PSK should leave the IT department, so I think WPA2-PSK will be our method.

Reply to
dilan.weerasinghe

snipped-for-privacy@gmail.com hath wroth:

That should be fine if you have control over the various desktops, laptops and PDAs. The problem is that the saved WPA key can be easily extracted from the Windoze registry:

formatting link

Reply to
Jeff Liebermann
