Results 1 to 10 of 10

Thread: Cheap WPA(2)-Enterprise Solution (Radius server)

  1. #1
    Junior Member Lucifer's Avatar
    Join Date
    Feb 2010
    Posts
    75

    Default Cheap WPA(2)-Enterprise Solution (Radius server)

    Hi everyone,

    Allthough my topic won't be backtrack related, I decided to share it anyway, since it concerns wireless security.

    Since the first day I learned about aircrack, I obviously became more aware about my wireless network security at home.
    As my network has grown to 11 clients now (pc's, phones, game console, and a NAS server on a dualband router, 2.4 and 5 Ghz WLANs), I decided it was time to take my wireless security
    to the next step, the reason being: 'If I can crack it, so can someone else'.
    WPA(2)-Enterprise is the strongest wireless security to date, so I started searching how I could configure it.
    So as all of you know, it requires a radius server, yet I was unwilling to pay for one.
    Sadly enough, my NAS server doesn't support radius.
    Then I stumbled on this free online radius server, and after some small issues, I managed to configure it, and it's working beautifully.
    Both my wireless networks are now WPA2-AES EAP secured.

    So basicly, I just wanted to share this with you guys, in case you want to upgrade to Enterprise aswell, without spending money.
    The radius server is located at www.wifiradis.net .
    This was the only online radius server I could find, and allthough the site looks unprofessional, the radius server is working and gets the job done without a hitch.
    Now, I can finally be sure no one will be cracking and accessing my network.

    And yes, I know WPA-TKIP and AES are virtually impossible to crack if you're using a big random password, but still, a hacker who has targeted my WLANs would be messing with them (DOS attacks) to get the handshakes if I used WPA-Personal, this is what I'm trying to avoid by using Enterprise. The hacker won't bother deauthenticating my wireless clients or cracking my WLANs since it cannot be done.
    Allthough DOS attacks are still possible now I'm using Enterprise, I do feel more secure, and I can use easy-to-remember passwords since brute forcing the PSK is out of the question now, instead of a big random 64 character password.

    If anyone is interested, I would be glad to help you configure it, if needed.
    (Note that low-end routers/wifi equipment usually don't support this 802.1x authentication mode.)

    I hope this info can be helpful to someone.

    Bye,
    Last edited by Lucifer; 08-19-2010 at 05:43 AM.

  2. #2
    Junior Member Agarax's Avatar
    Join Date
    Mar 2010
    Posts
    43

    Default Re: Cheap WPA(2)-Enterprise Solution (Radius server)

    OK, this is neat, BUT a couple of things:

    A) If I'm too paranoid to trust a 14 character password to protect my wireless LAN, offshoring my AAA to some site on the internet isn't going to work either.

    B) After reading a translation of the about page Google Translate I noticed something important. The goal of the site isn't to make your network 'more secure', it's to allow you to share you internet with select people and still have control (i.e. not sharing your one key with everyone.)

    C) Setting up a RADIUS server isn't expensive. "Pourquoi le service WifiRadis est-t-il gratuit ? ("Why is the service WifiRadis he free?) Parce que personne ne va payer pour cela, cela ne vaut pas un radis. (Because nobody will pay for it, it is not worth a bean. )"

    D) WPA2-Personal is really damn secure even if you capture the 4 way handshake. The only weakness is users who don't set up good passwords. Any DOS that can be performed against it without the preshared key can be performed against a WPA2-Enterprise.
    "If you haven’t trashed your computer while doing something questionable, then you’re not a computer scientist – you’re just an arts grad who didn’t get laid."

    If the time stamp for my post is less than 15 minutes old, hold off on the flamethrower, there's a pretty decent chance I'm going to change it.

  3. #3
    Junior Member Lucifer's Avatar
    Join Date
    Feb 2010
    Posts
    75

    Default Re: Cheap WPA(2)-Enterprise Solution (Radius server)

    A: You are correct, but I don't think they're going to come all the way to your country to see what's on your home network. As long as you don't use the same password like your email account, you'll be fine.

    B: true again, but I personally just wanted a radius server without paying for it, that's it.

    C: I know it doesn't cost millions, but I really wanted to try and find a free solution first, before buying one. And I did.

    D: Correct once more, but like I said in my original post:
    And yes, I know WPA-TKIP and AES are virtually impossible to crack if you're using a big random password, but still, a hacker who has targeted my WLANs would be messing with them (DOS attacks) to get the handshakes if I used WPA-Personal, this is what I'm trying to avoid by using Enterprise. The hacker won't bother deauthenticating my wireless clients or cracking my WLANs since it cannot be done.
    Allthough DOS attacks are still possible now I'm using enterprise, I do feel more secure, and I can use easy-to-remember passwords since brute forcing the PSK is out of the question now, instead of a big random 64 character password.
    And in a worst-case scenario this online radius server is one big scam (which I doubt since the site has been online for many years), and they would come to my country to acces my network, they would find all my clients and server are password protected, can't modify anything on the network. By the time they started bruteforcing my server, I would have already noticed the intruders.
    They can't trace my psychical location either, I'm on a dynamic WAN IP, and an ISP doesn't give out adresses/names without hard reasons.

    Ofcourse something like this will have it's disadvantages aswell, but hey, at least it's free right?

    In my personal situation, this free online radius server is excellent, and keeps the script kiddies from around the block away, if you know what I mean

    And I thought it might be useful to other users who are on a tight budget, or those who just want to explore the 802.1x authentication mode before actually buying a radius server, like myself. So that's why I posted

    Bye,
    Last edited by Lucifer; 08-19-2010 at 05:43 AM.

  4. #4
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    3

    Default Re: Cheap WPA(2)-Enterprise Solution (Radius server)

    Have you heard of AuthenticateMyWiFi: Outsourced RADIUS/802.1X Authentication for WPA/WPA2-Enterprise? Hosted free and commerical service.

    About Personal vs Enterprise...it's not just that PSK is vunlerabale to bruteforce, but Enterprise provides two additional crucial benefits: 1. better management of access. It's not just a static key like personal where you'd have to change everyone's key if a laptop went missing. Just change the one user's password with enterprise 2. user's can't see each other's traffic since each gets their own key.

  5. #5
    Junior Member Lucifer's Avatar
    Join Date
    Feb 2010
    Posts
    75

    Default Re: Cheap WPA(2)-Enterprise Solution (Radius server)

    Hi egeier,

    I hadn't found that site during my search, thanks for sharing.
    They seem to have alot more options vs the free radius server I'm using.
    Yet the interesting options are only avaible if you're a paying customer, and you can only use their free service with limited options for a month.
    The same goes for this online radius server I stumbled upon just now: http://www.wifi-soft.com/

    But personally, my next step would be to buy a little radius server myself to connect to my LAN, maybe in a few months. I'm really enjoying all the advantages and options 802.1x has, that's why I'm mostlikely sticking to it. I'm looking into wired 802.1x aswell, yet I doubt my consumer grade router supports it, even though it's a top notch one, the DIR-855 .. Any interesting links on this subject are welcome!

    Also, when I buy a radius server, I would obviously like to get the most out of it, so I would like to set it up the same way like the online radius you provided, with the same configuration options. Would it be hard to set up? Can anyone recommend a cheap but great little radius server?

    I read about tinyPEAP custom firmware to make a radius server out of a linksys router, yet I question its reliability considering the reviews I saw on the net.

    Any info will be appreciated

    Bye,
    Last edited by Lucifer; 08-19-2010 at 02:46 PM.

  6. #6
    Junior Member Agarax's Avatar
    Join Date
    Mar 2010
    Posts
    43

    Default Re: Cheap WPA(2)-Enterprise Solution (Radius server)

    First of all, sorry if I was acting like a dick earlier. Looking back I was a bit harsh.

    As far as building your own RADIUS server, I would recommend installing FreeRADIUS on an existing server.

    What I like to do is to have one reasonably powerful server running VMWare Server. That way I can add and delete 'dedicated' servers at will for different network services.
    "If you haven’t trashed your computer while doing something questionable, then you’re not a computer scientist – you’re just an arts grad who didn’t get laid."

    If the time stamp for my post is less than 15 minutes old, hold off on the flamethrower, there's a pretty decent chance I'm going to change it.

  7. #7
    Junior Member Lucifer's Avatar
    Join Date
    Feb 2010
    Posts
    75

    Default Re: Cheap WPA(2)-Enterprise Solution (Radius server)

    Hey agarax,

    No problem, I wasn't thinking you're a dick since your statements are correct, no matter how you post them

    I've read about FreeRADIUS and other software out there, but it requires a dedicated linux machine/server, which I do not have.
    It really is a pity my own NAS server doesn't support it.
    What I am hoping to find, is a little cheap server box which would be online 24/7 as a dedicated radius server and nothing more.
    But up untill now, I've found none.
    This online radius server I'm using will do for now, untill I can find a cheap solution for my own one.
    Allthough the Enterprise mode is great for various reasons, I'm not willing to spend much cash on it as I feel I already spent too much on my current home network

    Bye,
    Last edited by Lucifer; 08-19-2010 at 02:42 PM.

  8. #8
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    3

    Default Re: Cheap WPA(2)-Enterprise Solution (Radius server)

    You could use FreeRADIUS on Windows: FreeRADIUS.net - Fast, Easy & Best of all... FREE!.

    But setting up a server for FR isn't costly, any old dusty PC will do. You'll have to learn some Linux stuff though. Check out my article:
    Use FreeRADIUS for Wi-Fi Authentication - www.enterprisenetworkingplanet.com

    Another option is ZeroShell, check out my article on it:
    LinuxPlanet - Tutorials - Set up Secure Wireless With Zeroshell Linux (part 2) - Setting up RADIUS Wireless Client Authentication

    If you have $100 - $200, check out USRobotics USR5453 or ZyXEL's NWA-3160 or ZyAIR G-2000 Plus v2. These APs have built-in RADIUS server.

  9. #9
    Junior Member Agarax's Avatar
    Join Date
    Mar 2010
    Posts
    43

    Default Re: Cheap WPA(2)-Enterprise Solution (Radius server)

    Quote Originally Posted by Lucifer View Post
    I've read about FreeRADIUS and other software out there, but it requires a dedicated linux machine/server, which I do not have.
    It really is a pity my own NAS server doesn't support it.
    What I am hoping to find, is a little cheap server box which would be online 24/7 as a dedicated radius server and nothing more.
    But up untill now, I've found none.
    What's the hardware specifications for your NAS Server? You might want to consider redeploying with a different OS and have FreeNAS running in a VM.

    If you really want dedicated hardware that's only good enough to run basic services, I would recommend looking at some of these nettop/mini computers at Newegg

    A dual core Atom is more than good enough for running your basic Linux services (HTTP, FTP, DNS, RADIUS, ect). It will start to choke and die if you try to run a big pipe VPN through it, though.
    "If you haven’t trashed your computer while doing something questionable, then you’re not a computer scientist – you’re just an arts grad who didn’t get laid."

    If the time stamp for my post is less than 15 minutes old, hold off on the flamethrower, there's a pretty decent chance I'm going to change it.

  10. #10
    Junior Member Lucifer's Avatar
    Join Date
    Feb 2010
    Posts
    75

    Default Re: Cheap WPA(2)-Enterprise Solution (Radius server)

    I already considered that, but it's simply impossible on my NAS, it's a cheap 1 Tb Iomega one, but it works great. Just impossible to add stuff to it like radius, or to change the OS.

    A barebone is a great suggestion, I'll keep it in mind!
    But for now, the online radius server will do.

    Thanks,
    Last edited by Lucifer; 08-21-2010 at 12:31 PM.

Similar Threads

  1. WPA2 Enterprise con server radius
    By dirtydozen in forum Angolo Wireless
    Replies: 1
    Last Post: 05-09-2010, 12:58 PM
  2. RADIUS server question
    By plTOC in forum OLD Newbie Area
    Replies: 5
    Last Post: 07-08-2009, 07:06 PM
  3. Cheap Tidy Cable Solution
    By thorin in forum OLD General IT Discussion
    Replies: 7
    Last Post: 04-17-2008, 05:47 PM
  4. Can hostapd daemon be used as a radius server
    By tej7804 in forum OLD Newbie Area
    Replies: 0
    Last Post: 08-09-2007, 07:40 PM
  5. WPA 1/2 Enterprise w/Radius
    By jpb2433 in forum OLD Wireless
    Replies: 1
    Last Post: 07-27-2007, 09:33 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •