Wireless & Mobile
Subscribe to this site with RSS
Protecting a wireless net with RADIUS
We are getting ready to double our use of wireless networking at our company. There is a concern that we make it as easy
to use as possible but at the same time protect the company network as much as possible. We are putting all access points
on a separate VLAN but don't think that is enough. In doing some research, we have found mentions of using RADIUS. Is that
something we should look at?
-- Via the Internet
Yes, Yes, Yes. RADIUS can add one more layer of protection to the network and make it a little harder for someone to get in. There are several ways to do it, depending on what sort of operating systems you have on your network.
If you are a Microsoft shop, you can use Internet Authentication Server to help you do this. What you will need to look at is your domain setup. If you have more than one domain at your company, you will probably need to look at multiple IAS installs with a IAS proxy to point the access points to. If you are on W2K, this is going to present a challenge since W2K doesnt support RADIUS Proxy. This means you will need to look at Windows 2003, which does.
If you are comfortable with Linux, there are several good RADIUS packages. One that I have seen mentioned more frequently is FreeRADIUS. This is a very flexible RADIUS implementation that should be able to do what you want. It can handle multiple domains on its own. In June, 2004, SysAdmin Magazine ran a good article on implementing FreeRADIUS; unfortunately, it is not online. O'Reilly's RADIUS book discusses implementing FreeRADIUS as well.
With either of these options, you will have to touch the wireless computers in terms of putting digital certificates on them and keeping them up to date.
One positive advantage I have seen with these solutions is that the wireless access points become harder to find. I keep an iPAQ handy with miniStumbler installed. When working with the Microsoft solution, NetStumbler didnt report that it saw the access point that was configured to work with RADIUS. I expect the FreeRADIUS application to perform in the same way.
| Use this form to start a public discussion with other Linux World users on this article. Log In | Register for an account (Why you should) |
Note: Register to have your user name appear; otherwise your comment will show up as "Anonymous."
*Anonymous comments will only appear once they are approved by the moderator.
• Dell puts Linux and Atom in Vostro PCs
• Mozilla names best Firefox 3 add-ons
• Torvalds: Fed up with the 'security circus'
• Dell Latitude ON - big win for Linux
• Open source advocates hail appeals court ruling
LinuxWorld Conference and Expo San Francisco, August 4-7, 2008.
Linux Plumbers Conference Portland, OR, Sept. 16-19, 2008.
FreedomHEC Santa Monica, November 8-9, 2008.
Featured Whitepapers