Anyone use RADIUS with Wireless Networking?

snagrat

snagrat

snagrat

Associate
Joined
18 Jun 2003
Posts
188
Location
Wellington, Somerset
Right I've recently found out how easy it is to crack a wireless network using WEP or WPA so we are currently looking to use RADIUS with WPA2 to make our networks more secure for our customers.

However I am a bit uncertain about a few things.

RADIUS uses the windows credentials to allow the wireless connection. So when I start my laptop up and haven't signed in yet does that mean I'm not connected to the wireless.

We work in schools so each laptop will be used by a different child atleast 3 times a day. The wireless obviously needs to be connected so they can login.

Hope I'm not being thick but I can't quite get my head around it. Haven't had time to experiment yet so thought I'd ask you experts :p
 
Tried this and failed. Had another go today and (with the aid of google) it now works. Much better than having to remember long complicated PSK's, and more secure to boot.

I'm now running WPA RADIUS! Joy.
 
JonRohan said:
Very interesting. What kind of percentage of people do you think will have access to taht kind of knowledge? 5%?
Click to expand...

Maybe not even that. But I'm not taking the risk thank you :cool:

Can anyone answer my initial question please. I still haven't had time to look into anymore.

Cheers
 
snagrat said:
Can anyone answer my initial question please. I still haven't had time to look into anymore.
Click to expand...
As I said a couple of posts ago, I recently setup WPA RADIUS - I don't own anything that can do WPA2.

When I reboot my laptop, I can still log in and the profiles seem to download ok. I think it uses comptuer authentication when no one's logged in, so if the computer's a member of the domain, and permitted in the IAS policy, then it connects fine (there's no restriction on mine, anyone who's a domain member/user can connect).
 
Whilst I wont go into too much detail there are a number of tools to crack WEP keys, most of which are very easy to use. WEP encryption on a high traffic network is as said very easy to crack. On a home network it would actually be harder to crack as generally they dont see the same volume of traffic as a corporate or public sector network. Even then though it would only take a few hours.

WPA is still fairly safe, but if you want the safest connection possible then I'd consider setting on an ipsec VPN and blocking any other traffic from the wireless lan.
 
We brought a book at work and it took my assistant about a week to learn how to do WEP and he recons he most of the way with WPA to.
The hardest part was finding a compatible wireless card.

Hence why i had tried to secure it with radius and will be trying again with that document.
 
FordPrefect said:
Whilst I wont go into too much detail there are a number of tools to crack WEP keys, most of which are very easy to use. WEP encryption on a high traffic network is as said very easy to crack. On a home network it would actually be harder to crack as generally they dont see the same volume of traffic as a corporate or public sector network. Even then though it would only take a few hours.

WPA is still fairly safe, but if you want the safest connection possible then I'd consider setting on an ipsec VPN and blocking any other traffic from the wireless lan.
Click to expand...

Not as much traffic but you can perform a deauth attack or arp packet injection on the access point to generate more traffic to sniff up. Using this method you can break any WEP key in less than 5 mins.
 
FordPrefect said:
Whilst I wont go into too much detail there are a number of tools to crack WEP keys, most of which are very easy to use. WEP encryption on a high traffic network is as said very easy to crack. On a home network it would actually be harder to crack as generally they dont see the same volume of traffic as a corporate or public sector network. Even then though it would only take a few hours.

WPA is still fairly safe, but if you want the safest connection possible then I'd consider setting on an ipsec VPN and blocking any other traffic from the wireless lan.
Click to expand...

In linux the tool will also transfer packets between the AP and client therefore producing more traffic therfore speeding up the time it takes to hack.

In WPA you need people to connect to the network til it can be hacked. Again the Linux version tool will kick people off so that they have to rejoin. Quite clever really.

In the demo I watched it took him 3hours to hack WEP with only 1 client which was accessing the net.

Thanks for all the help. Hopefully I'll have time this weekend to try RADIUS out.

Does RADIUS work with WEP and WPA or is it only WPA2 it works with?
 
To my knowledge, the only way to crack WPA was using brute force (randomised dictionary list of well-known passwords).

I'm sure this is still the case?

So provided you use a long, randomised character key (30+ chars) with both upper and lower case you should be completely fine from outside attack.
 
garyh said:
To my knowledge, the only way to crack WPA was using brute force (randomised dictionary list of well-known passwords).

I'm sure this is still the case?

So provided you use a long, randomised character key (30+ chars) with both upper and lower case you should be completely fine from outside attack.
Click to expand...

Although this is true there are dictionarys out there which have thousounds of different Lower and Upper cases words in and a mixture of both.

Best bet is to make sure your WPA key is not a word. Just have a random few letters :)
 
You must log in or register to reply here.
Back
Top Bottom