Zeroshell workshop

Wireless LANs (WLANs) have long since firmly established themselves even in private homes – at the expense of communication security. It's true that the WPA2 standard has made an important step forward from its predecessors; but, its pre-shared key (PSK) technology is still plagued with inadequacies in terms of preventing attacks. The IEEE 802.11i WPA2 Enterprise specification does in fact provide more security. Zeroshell [1] will help you get up to speed with relative simplicity.

Technology

Although WPA2-PSK uses only a single key for the whole network, authentication with WPA2 Enterprise uses various other methods together with a RADIUS server. The RADIUS server provides central user accounting, so that, for example, net access (and possibly de-access) for every client can be configured separately. With WPA2 Enterprise, the RADIUS server rather than the net access point does the authentication. If the login is successful, the access point unlocks the client's network access as determined by the RADIUS server.

Authentication via RADIUS server is based on a significantly enhanced infrastructure. You can choose among different authentication methods; the completely encrypted communication and registration with different keys and certificates makes for a high degree of security. With WPA2 Enterprise, the user registers with a username and password, which the RADIUS server encrypts, at the access point. Thus, asymmetric encryption per EAP-TLS specification secures the communication between the client ("supplicant"), access point ("authenticator"), and the RADIUS server.

[...]