  1. #1

    Wifi security for new suite of laptops - Radius or no?

    We're looking at setting up a diploma room with 30 computers; recent discussions mean I now need to look at setting up laptops with wifi access rather than the hardwired PCs previously discussed.

    We don't have a huge amount of wireless onsite - where it exists it's used by teaching staff, mainly in mobile classrooms. I'm wondering if it's worth the effort to set up a Radius server to authenticate wireless clients given the small number there will be. Would using WPA with a suitably obscure pass phrase be secure enough?

    Context: We're a rural school with few immediate neighbours. I'm the network manager and also the sole technical support for the school (~600 pupils) and I don't want to make a rod for my own back by committing to a huge project if it's not really necessary.

  2. #2

    AngryTechnician
    Basically, if you use PSK you must assume that eventually, someone will get hold of the key. It doesn't matter how obscure you make it. With physical access to connected equipment, there is always a way to retrieve the key from the OS. The real threat is not from the neighbours, but from pupils connecting their own equipment that they've smuggled in.

    If you are happy that a) you can detect when that happens and b) you are happy to go around and change every client to a new key when it does, then it may well suit your needs.

    P.S. Setting up RADIUS is not really a "huge project" if you already have a Windows server.
    Last edited by AngryTechnician; 7th December 2010 at 01:12 PM.
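
Point (a) in the post above, noticing when a device that is not school-owned joins the PSK network, sketched as an added example that is not part of the original thread. It assumes a DHCP lease log in CSV form with the columns ID, Date, Time, Description, IP Address, Host Name, MAC Address and event IDs 10 and 11 for new and renewed leases; the inventory and the log lines are constructed.

```python
import csv
import io

# Constructed inventory of MAC addresses for school-owned laptops (assumption).
KNOWN_MACS = {"001A2B3C4D01", "001A2B3C4D02", "001A2B3C4D03"}

# Constructed sample lines in the assumed CSV layout:
# ID,Date,Time,Description,IP Address,Host Name,MAC Address
SAMPLE_LOG = """\
10,12/07/10,09:01:12,Assign,10.0.5.21,DIPLOMA-01,001A2B3C4D01
11,12/07/10,09:03:40,Renew,10.0.5.22,DIPLOMA-02,00-1a-2b-3c-4d-02
10,12/07/10,10:15:09,Assign,10.0.5.87,android-7f3a,A4:5E:60:11:22:33
10,12/07/10,10:47:55,Assign,10.0.5.88,,A45E60112233
10,12/07/10,11:02:31,Assign,10.0.5.90,PSP,0013A9AABBCC
"""

LEASE_EVENTS = {"10", "11"}  # assumed IDs: new lease, renewed lease


def normalise_mac(raw):
    """Strip separators and upper-case so different notations compare equal."""
    mac = "".join(ch for ch in raw if ch.isalnum()).upper()
    if len(mac) == 12 and all(c in "0123456789ABCDEF" for c in mac):
        return mac
    return None  # not a usable MAC address


def unknown_devices(log_text, known):
    """Return {mac: [(time, ip, hostname), ...]} for leases to MACs not in the inventory."""
    known = {normalise_mac(m) for m in known}
    hits = {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) < 7 or row[0].strip() not in LEASE_EVENTS:
            continue  # header, comment or non-lease event
        mac = normalise_mac(row[6])
        if mac is None or mac in known:
            continue
        hits.setdefault(mac, []).append((row[2], row[4], row[5] or "(no hostname)"))
    return hits


if __name__ == "__main__":
    for mac, leases in sorted(unknown_devices(SAMPLE_LOG, KNOWN_MACS).items()):
        print(mac, leases)
```

A device that copies the MAC address of an inventoried laptop will not appear in this report, so it covers only the straightforward case of an unmodified personal device.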

  3. #3

    Thanks for the advice - I'll have a ponder. I suspect the chance of someone gaining access using their own equipment is slight at best, meaning a PSK approach would do for us, but it's about managing the risks, I guess. I admit I was exaggerating about the hugeness of the project; I would need to do significant amounts of research and testing before I would feel comfortable rolling this out and, given I don't have anyone to delegate work to, I'd have to fit everything in to what limited time I can find.

    One question about the Radius approach: I'm presuming I don't have to apply this network-wide from the outset? Specifically, if I have existing wireless access points that I initially don't want managed by Radius, I'm presuming they will continue to work correctly side-by-side with Radius-enabled equipment? I'm likely to be implementing this during term time and some of our teachers have a wireless connection only and therefore couldn't be knocked off for any length of time.

  4. #4

    Setting up RADIUS is easy enough, but you may wish to investigate bandwidth first before the investment. 30 wireless clients in one area is going to be slowwww even with the latest 802.11n on 5GHz.

  5. #5


    Quote: Originally Posted by cheredenine
    I'm wondering if it's worth the effort to set up a Radius server to authenticate wireless clients given the small number there will be. Would using WPA with a suitably obscure pass phrase be secure enough?

    If they are going to be on a Windows domain then it is worth doing - with group policy management you will be able to deploy a certificate to the clients to allow automatic login.

  6. #6

    Quote: Originally Posted by cheredenine
    We're looking at setting up a diploma room with 30 computers; recent discussions mean I now need to look at setting up laptops with wifi access rather than the hardwired PCs previously discussed.

    We don't have a huge amount of wireless onsite - where it exists it's used by teaching staff, mainly in mobile classrooms. I'm wondering if it's worth the effort to set up a Radius server to authenticate wireless clients given the small number there will be. Would using WPA with a suitably obscure pass phrase be secure enough?

    Context: We're a rural school with few immediate neighbours. I'm the network manager and also the sole technical support for the school (~600 pupils) and I don't want to make a rod for my own back by committing to a huge project if it's not really necessary.

    Hi,

    I would use a Radius server to authenticate the devices if possible. It's not too difficult once you know the terminology etc.

    Check out the guide on the following link.
    http://www.edugeek.net/forums/networ...as-server.html

    Ash.

  7. #7

    Quote: Originally Posted by Dageezah
    Setting up RADIUS is easy enough, but you may wish to investigate bandwidth first before the investment. 30 wireless clients in one area is going to be slowwww even with the latest 802.11n on 5GHz.

    I was going to go down the route of multiple access points for this very reason. I'm assuming the access points will be sufficiently clever or configurable enough to deal with this without clashing...

    I think I'll do my homework and see if I can get this running...

  8. #8


    Quote: Originally Posted by cheredenine
    I was going to go down the route of multiple access points for this very reason. I'm assuming the access points will be sufficiently clever or configurable enough to deal with this without clashing...

    I think I'll do my homework and see if I can get this running...

    It will be fine if you have a decent managed wireless network, along with 1GB/s uplinks to your core...

  9. #9

    Quote: Originally Posted by spc-rocket
    Hi,

    I would use a Radius server to authenticate the devices if possible. It's not too difficult once you know the terminology etc.

    Check out the guide on the following link.
    http://www.edugeek.net/forums/networ...as-server.html

    Ash.

    This looks spot on! Thanks for the link, the document will prove most helpful, I reckon.

    Cheers!


