Securing Your Wireless LAN
In addition to authenticating wireless LAN users, Steel-Belted Radius also plays a pivotal role in securing their connections. To perform these functions, Steel-Belted Radius supports the following:
- Extensible Authentication Protocol (EAP), the transport protocol specified in the 802.1x protocol that is used to negotiate the connection between the WLAN user and the access point.
- EAP authentication methods, including EAP-MD-5 and EAP-Cisco Wireless. EAP authentication methods are vendor-developed security mechanisms that secure the credential exchange, data transmission, or both. Steel-Belted Radius fully supports EAP-MD-5 and EAP-Cisco Wireless, including their requirements for key generation and exchange.
In addition, Steel-Belted Radius provides additional security on a WLAN by
- Protecting against rogue access points. Steel-Belted Radius ignores communications from any access point that is not registered with it. This helps prevent network intrusion from illegally installed or used equipment.
- Supporting time session limits, time-of-day restrictions, and other RADIUS attributes, which let you impose additional security constraints on WLAN usage.
For example, you could specify that WLAN access can only occur during business hours, or force re-authentication after a specified amount of time. This allows for more granular and robust security on your WLAN.
Steel-Belted Radius also makes it possible to manage both wireless LAN and remote users from a single database and console, greatly reducing your administrative burden by eliminating the need for two separate authentication systems.
In this tutorial:
- Securing the WLAN
- Access Point-Based Security Measures
- MAC Filtering
- Controlling the Radiation Zone
- Defensive Security Through a DMZ
- Third-Party Security Methods
- VPNs
- Funk Steel-Belted Radius
- Central User Administration
- Central Hardware Administration
- Securing Your Wireless LAN
- RADIUS Accounting
- WLAN Protection Enhancements
- AES