Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Wireless How To

Introduction

FreeRadius - Get it?

Authentication is an essential part of securing any service or network, and one of the heavyweights of network authentication is RADIUS. RADIUS, which is an acronym for "Remote Authentication Dial In User Service", is a network authentication protocol that widely implemented for a number of different services.

According to Wikipedia, RADIUS was originally specified in an RFI by Merit Network in 1991 to control dial-in access to NSFnet. Livingston Enterprises was awarded the contract and delivered their PortMaster series of Network Access Servers and the initial RADIUS server to Merit. RADIUS was published as RFC 2058 in 1997 and RFC 2059 (current versions are RFC 2865 and RFC 2866).

Among its many uses, RADIUS is used by the 802.1X security standard, which is incorporated into the WPA and WPA2 wireless security protocols. But home and small business networks frequently use the PSK (Pre-Shared Key) form of WPA and WPA2, since those versions don't require the RADIUS server that most of us don't have access to. But many users don't use strong WPA passwords, which leaves their wireless LANs open to being compromised via dictionary attacks.

In this two-part series I'll show you how to use the most popular (and free) RADIUS server, FreeRADIUS, with your wireless router or AP that supports WPA or WPA2 "Enterprise". This installment will provide some background on the methods, standards and protocols used.

Why Authentication?

Encryption is obviously an important part of security. But why is authentication so important as well? Consider the following situation:

You're at a coffee shop, surfing the Internet connected to its AP. But then all of a sudden, you lose connection to the AP. No problem. Wireless can be ornery at times and sometimes the wireless signal just gets disrupted, right? You reconnect, and start surfing again. If you're running Windows, it probably spewed forth a mountain of re-authentication packets in an attempt to reconnect you to the AP. But how do you know that the AP you reconnected to is who it claims to be?

Generally we just assume that an AP belongs to its obvious owner. But the scenario above could be the start to a classic "man-in-the-middle" attack. In this exploit, the attacker deauthenticates a wireless client, then masquerades as the AP. The new AP then proxies all the client's traffic through the attacker's computer, reading everything the client sends and receives—including secure webpages.

So authentication provides a two-way benefit. It lets a service provider confidently identify users in order to grant network access only to authorized personnel. But it also provides users with the security of knowing that they are really connecting to the intended network.

More Wireless

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

View attachment 15446‚Äč TP-Link yesterday unveiled a pair of draft 802.11ax routers, both based on Broadcom's draft 11ax platform.The Archer AX6000 (s...
Hello all,Just bought an 86U. I did a basic setup. I enabled the usb Applications like AIcloud. I was hoping that I could set my Iphone to auto send m...
Hello every bodyFirst, excuse me, for my poor englishI have just download AsusWrt-Merlin 384.8_2 on my Asus RT-AC5300 and I have some problems with Tr...
Does anyone have experience yet with the WireGuard protocol for their VPN connection with Merlin's firmware? I saw that IVPN (www.ivpn.com) is offerin...
Hi! After I tried failed and buggy and unstable free cleint recomened by Asus shrew soft, I want to set up connection under ubuntu to my rt-ac88u (wit...

Don't Miss These

  • 1
  • 2
  • 3