Enterprises can go WPA-802.1x with RADIUS servers and PC client supplicants. Most enterprises choose RADIUS over WPA-PSK because PSK requires more administrative overhead and can be vulnerable. Employing RADIUS requires a thorough examination of the merits of alternative EAP types.
Here and Now
If your company's handheld devices are used to conduct critical transactions--like in the health-care, manufacturing and logistics industries--you'll have to deploy WPA because existing handhelds don't support RSN's hefty AES. Until 802.11i is finalized and its features for real-time wireless apps like voice over WLAN are available, WPA is the next best thing for true wireless security.
Frank Robinson is a systems associate at Syracuse University. Write to him at firstname.lastname@example.org. How do the 802.11i and WPA specs stack up? To find out, we tested some WPA systems in our Syracuse University Real-World Labs.
Once you've decided on a RADIUS server and established a security context for your WPA system, you must integrate the server with your organization's identity database. To get a feel for what's involved, we set up Meetinghouse's Aegis WLAN Security client and server products. To establish the security context, we obtained a certificate for the server from the enterprise root CA (certificate authority).