Anyone use RADIUS with Wireless Networking?

[snagrat]

Right I've recently found out how easy it is to crack a wireless network using WEP or WPA so we are currently looking to use RADIUS with WPA2 to make our networks more secure for our customers.

However I am a bit uncertain about a few things.

RADIUS uses the windows credentials to allow the wireless connection. So when I start my laptop up and haven't signed in yet does that mean I'm not connected to the wireless.

We work in schools so each laptop will be used by a different child atleast 3 times a day. The wireless obviously needs to be connected so they can login.

Hope I'm not being thick but I can't quite get my head around it. Haven't had time to experiment yet so thought I'd ask you experts

 

[snagrat]

I had a go at this using IAS in server 2003 but couldnt get it working properly.

Yeh I'm planning the IAS that is built into server 2003.

 

[snagrat]

Very interesting. What kind of percentage of people do you think will have access to taht kind of knowledge? 5%?

Maybe not even that. But I'm not taking the risk thank you

Can anyone answer my initial question please. I still haven't had time to look into anymore.

Cheers

 

[snagrat]

Whilst I wont go into too much detail there are a number of tools to crack WEP keys, most of which are very easy to use. WEP encryption on a high traffic network is as said very easy to crack. On a home network it would actually be harder to crack as generally they dont see the same volume of traffic as a corporate or public sector network. Even then though it would only take a few hours.

WPA is still fairly safe, but if you want the safest connection possible then I'd consider setting on an ipsec VPN and blocking any other traffic from the wireless lan.

In linux the tool will also transfer packets between the AP and client therefore producing more traffic therfore speeding up the time it takes to hack.

In WPA you need people to connect to the network til it can be hacked. Again the Linux version tool will kick people off so that they have to rejoin. Quite clever really.

In the demo I watched it took him 3hours to hack WEP with only 1 client which was accessing the net.

Thanks for all the help. Hopefully I'll have time this weekend to try RADIUS out.

Does RADIUS work with WEP and WPA or is it only WPA2 it works with?

 

[snagrat]

To my knowledge, the only way to crack WPA was using brute force (randomised dictionary list of well-known passwords).

I'm sure this is still the case?

So provided you use a long, randomised character key (30+ chars) with both upper and lower case you should be completely fine from outside attack.

Although this is true there are dictionarys out there which have thousounds of different Lower and Upper cases words in and a mixture of both.

Best bet is to make sure your WPA key is not a word. Just have a random few letters