3

In the CBT Nuggets video training, one slide about wireless networks says:

Deploy Active Directory and IAS/RADIUS for wireless network authentication and authorization

I want to know about the role of RADIUS in increasing the security, and how, in this project: Deploy Active Directory and IAS/RADIUS for wireless network authentication and authorization

Authentication 802.1x radius

How does RADIUS solve enterprise wireless connectivity issues in wireless networks, besides Active Directory? Do hidden wireless networks (that do not broadcast their network ID, the SSID) + WPA secure our network enough?

saber tabatabaee yazdi

1 Answer

3

No, because the accountability is too low and chances are high your WPA2 password would leak out. When using RADIUS, all users have their own username and password to authenticate to the AP.

The chance of users sharing the WPA2 password to the wifi network is larger than the chance of them sharing their own personal usernames and passwords. This increases security in two ways:

  • Not everyone will leak passwords.
  • If you want, you can track your users and see who's done what.

The last part is not possible when using WPA2 with a shared password between the users.

Lucas Kauffman
  • How can I detect the password guesser program? – saber tabatabaee yazdi Nov 28 '12 at 08:16
  • 2
    That would be by using a form of IDS system; however, I'm not an expert on RADIUS, I just know the basic concepts. I think to mitigate brute force you can also lock out the user accounts after 3 tries. – Lucas Kauffman Nov 28 '12 at 08:17
  • 1
    At least some RADIUS servers will simply pass the request through to AD to see if the password matches. In these cases, the standard brute force prevention configuration should apply, whether it simply be lockout rules or something more advanced. Basically, using RADIUS with a WPA2-Enterprise configuration just allows authentication to occur prior to letting someone onto your private network. It's similar in principle to having an open wifi network that only allows connections with a border VPN. – AJ Henderson Nov 28 '12 at 14:04
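
Added example (not part of the original answer or comments): because every RADIUS login carries its own username, repeated rejects can be attributed to one account and one client, which a shared WPA2 password cannot offer. The sketch below flags accounts that reach the 3-reject threshold mentioned in the comments; the log format, field names and sample events are constructed for illustration and are not the IAS log format.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample events in a simplified, hypothetical format:
# "<ISO time> <Access-Accept|Access-Reject> user=<name> station=<client MAC>"
SAMPLE_LOG = """\
2012-11-28T08:00:01 Access-Accept user=alice station=00-11-22-33-44-01
2012-11-28T08:00:05 Access-Reject user=bob station=00-11-22-33-44-02
2012-11-28T08:00:09 Access-Reject user=bob station=00-11-22-33-44-02
2012-11-28T08:00:12 Access-Reject user=bob station=00-11-22-33-44-02
2012-11-28T08:03:00 Access-Reject user=carol station=00-11-22-33-44-03
2012-11-28T08:20:00 Access-Reject user=carol station=00-11-22-33-44-03
2012-11-28T08:20:30 Access-Accept user=carol station=00-11-22-33-44-03
"""

def parse_line(line):
    """Split one event line into (time, result, user, station)."""
    ts, result, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return datetime.fromisoformat(ts), result, fields["user"], fields["station"]

def find_guessing(log_text, max_rejects=3, window_seconds=300):
    """Return {user: sorted stations} for accounts with max_rejects or more
    consecutive rejects inside the window; an accept resets the count."""
    recent = defaultdict(deque)   # user -> deque of (time, station) rejects
    flagged = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, result, user, station = parse_line(line)
        rejects = recent[user]
        if result == "Access-Accept":
            rejects.clear()
            continue
        rejects.append((when, station))
        # Drop rejects that fell out of the sliding window.
        while (when - rejects[0][0]).total_seconds() > window_seconds:
            rejects.popleft()
        if len(rejects) >= max_rejects:
            flagged[user].update(s for _, s in rejects)
    return {u: sorted(s) for u, s in flagged.items()}

if __name__ == "__main__":
    for user, stations in find_guessing(SAMPLE_LOG).items():
        print(f"possible password guessing against {user} from {stations}")
```
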