OK guys, let me pick your brains... There is interest in setting up Wi-Fi in our system. Since I've been working with it for a while now at home, at others' homes, etc., I get to be "Wi-Fi Guy." Why I take on all these responsibilities for such a meager salary is beyond me. But I digress...
I've used WPA-PSK for all the devices I've set up. I get a 63-character Crazy-Ass? password from https://www.grc.com/passwords to eliminate the risk of brute-forcing it. I know about the existence of RADIUS, but I'm not very familiar with it, and I'm not entirely sure that it would be our ideal solution. >From what I understand, if I were to go the RADIUS route, I would set up a RADIUS server, which would prompt for a login upon connecting. It would authenticate that against our domain login server, and either allow or deny access based on the provided credentials. Is that pretty much it? If so, I don't know if that's such a good idea. We have laughable login security. Everyone's password is restricted to numerals only, and since they must be at least four digits, 99.9% of our passwords are exactly four digits. There are protections in place that check passwords against the personnel database, so you can't use your SSN, DOB, or phone number, but anniversaries and loved ones' birthdays are fair game, and are often utilized. We have one WAP set up with WPA-PSK right now. We plan to expand, and eventually have one at every site (all 27 of them). We'll use the same key for all the routers (we're using routers instead of WAPs because we don't use DHCP), and the key will be stored on the relevant users' laptops as a text file. So which method is more secure? (If I've even got the RADIUS idea correct...) PSK is susceptible to someone getting the text file, or stealing a laptop, which is not unheard of... RADIUS seems susceptible to simple password guessing, which could be very easy depending on the user (and the villain) Any input is greatly appreciated. Thanks, Joe
