1⟩ I have a Wi-Fi network and would like to protect it from unauthorized access. It is better to use a RADIUS server that allows me to have 802.1x authentication and protection with WPA or WPA2 or use a Captive Portal that authenticates access via web login?
Both methods have benefits and faults. Using RADIUS with 802.11i you will be more secure due to the fact that other than access authentication, which occurs when the client associates to an access point, the data link layer of wireless communication is encrypted with encryption keys which are changed at regular intervals. On the other hand, a Captive Portal gateway simply authorises access when the client already has an IP address. In this case, if the data must also be encrypted we must avail of other expedients, for example VPNs. The captive portal has the undisputable advantage that it does not require any client side configuration and can work with any Wi-Fi hardware. In reality, given it works at IP level, the Captive Portal can protect access even on a cabled network. Instead, the system with a RADIUS server, other than being more complicated to configure for the user, requires hardware (access point and wireless network card) support and operating system support. To conclude, we can say that the Captive Portal is better adapted in HotSpots in which the only objective is to protect against indiscriminate Internet access. WPA and WPA2 with a RADIUS server better adapt to situations where it is indispensable to guarantee both data confidentiality and user authentication.