Really need an AD for RADIUS server?

By 2BlueUK
Hi there,

Had the office go wireless recently, didn't imagine it would go this well.
Have a Draytek router and two Linksys WAPs connected. Really saves space with those old wires going all over the place, and what's more, performance in speed even with G band cards has rocketed compared to the 10/100 wired network we had.

There is growing concern with security however, not that we had a break-in... There is MAC filtering available on the router and WAPs as well as MAC to IP bind on Draytek; in short, even if you somehow managed to hack the key and spoofed your MAC, there's no way you're making any use of network resources including the internet until your MAC is manually typed in the router and been assigned an IP.

There are just two questions I wanted to discuss: what do you think about the security measures already stated above (of course nothing is foolproof),
as opposed to setting up a dedicated RADIUS server?
Which one has more advantages and drawbacks, keeping in mind it is a small office with no more than 20 client PCs (wireless) and 3 servers (on cable) and a few iPhones and PDAs?
And do you really need an Active Directory to set up Windows IAS?

Heard a couple of people say not really, since you will only need it to export digital certificates with ease (I don't mind doing this manually) to the entire policy group.

Looking forward to your comments.

All Answers

RADIUS isn't hardware/infrastructure security features

by CG IT In reply to Really need a AD for RADI ...

like the use of MAC filtering, or WPA encryption on wireless hardware.

RADIUS [Remote Authentication Dial-In User Service] is for authenticating users before they are allowed access. MAC address filtering & WPA assume if you have the right MAC address and the right key you are allowed.

The 2 methods provide a layered security approach.

but which is more solid?

by 2BlueUK In reply to RADIUS isn't hardware/inf ...

OK, both provide layer 2 security, and we all know the flaws with MAC filtering and changing one's MAC... even with Windows now!
I'm not even questioning how secure this procedure is; short and simple, it's not.

I have little faith in Draytek's MAC to IP binding, probably because I can't think of a way how you can hack its database that contains trusted MACs and assigned IPs and the limited IP range, but I'm still not sure how secure that is.

Thanks for the reply, BTW.

no security is 100% but you can build layers that

by CG IT In reply to but which is more solid?

make it hard for unauthorized access.

You require lots of hoops.

ok I'd make these 2 hoops first.

by 2BlueUK In reply to no security is 100% but ...

Think I should build a domain before I set up the RADIUS server? With 20 PCs, setting up AC seems like overkill... and requires me to work!

AC? Do you mean AD?

by Brenton Keegan In reply to ok I'd make these 2 hoops ...

Are these 20 PCs running Windows? If so, I'd absolutely recommend setting up a domain controller. There's a LOT you can do with Active Directory. It may seem like "overkill" and lots of work, but it's really not compared to how much more control you will have. This control will allow you to secure your endpoints better. It will save you loads of work in the long run, if you know how to use it.

It will also position you better for growth.