RADIUS Secured and Authenticated WiFi Robert Leahy Charles Bodman Brandon Ellis.
-
Upload
arthur-harvey -
Category
Documents
-
view
226 -
download
0
Transcript of RADIUS Secured and Authenticated WiFi Robert Leahy Charles Bodman Brandon Ellis.
Setup
• D-Link DIR-825 Wireless Access Point, Hardware Revision B1, Firmware Version 2.03NA
• Tablet running Windows 7 (WiFi client)• Server (VMWare Workstation) running CentOS
5.5 x64 and FreeRADIUS 2
Configuration
Your FreeRADIUS 2 installation must be configured to use EAP.You must generate certificates for the server (ideally these would be trusted and signed, but self-signed can be used if you either bypass server authentication (bad) or install the certificate for the server on all clients (inconvenient)).You must configure a secret for the access point, and setup a user account.
Configuration
In order to set Windows up to use WPA-Enterprise – unless you’re logging on with domain credentials with a properly-signed certificate (we’re not) – you have to do some fiddling.To get to these options, you right-click your wireless network and go to Properties.
Configuration
This is your first stop. In here you setup your security type (discussed earlier) and encryption type (if your router is setup to use both, choose either). You need to select PEAP (if it’s not already), and then go into Settings…
Configuration
…in here you need to turn of validation of the server certificate (since it’s self-signed and we’re not installing it as trusted). You then need to hit Configure and turn off automatically using Windows credentials…
Configuration
…here we need to Replace Credentials and enter our WiFi credentials, and then we can connect!
Advantages of RADIUS
In a typical WiFi network – using a pre-shared key (PSK) – the network is secure against others, but each person on the network is not secure against the others due to the shared nature of the key.
RADIUS authentication obviates this issue, by providing per user authentication, and per user encryption.