By Greg Keller Posted August 15, 2019
Increasingly, network infrastructure technology is being delivered ‘as-a-Service’, or cloud-hosted. Amazon Web Services (AWS) and similar organizations have pioneered the concept of the network-as-a-service that anyone can easily purchase. More importantly, one can purchase only what’s necessary, adding or reducing when needs change. Efficiency is the new normal. The infrastructure services on the market today diminishes the need to build many components in-house. IT can simply leverage Infrastructure-as-a-Service platforms for their organization’s needs. That translates to no cap-x spend, no setup, and no on-going maintenance for IT. Let’s discuss one service emerging that is especially noteworthy in this category: hosted FreeRADIUS.
Key Component to WiFi Access Management
FreeRADIUS is a key component when IT admins are requiring user access management to the network infrastructure. Most recently, the RADIUS server has been leveraged to enhance an organization’s WiFi security. Networks have shifted from being wired to now being wireless due to WiFi’s substantial benefits. Users are more productive and can leverage office space more effectively. The only downside to WiFi is the increased security risk. As a result, IT organizations are looking to capture the benefits of WiFi, but mitigate the risks. The process necessary for this is authenticating each WiFi user requesting network access.
Mitigating Security Risks
Most organizations are using shared credentials to access the WiFi network. An SSID and passphrase is provided to all employees. Aside from the potential security threat of sharing credentials, further problems may arise when users leave. Shared SSID and passphrase may be updated, but often this isn’t done and old employees will continue to have access to the WiFi network. To make matters worse, hackers can figure out the SSID and passphrase credentials through a variety of techniques. By connecting the WiFi network to the core user directory through the FreeRADIUS component, ensuring that users have unique identities on the network, IT organizations provide an additional layer that can dramatically increase network security.
The Benefit of a Reduced IT Workload
The challenge, though, for IT organization is how to integrate all of the components required to connect users to the directory service for authentication. The process typically starts with the user entering their credentials into a piece of software on their device called a supplicant. The supplicant then securely communicates to the FreeRADIUS server via the wireless access point. The RADIUS server accepts those credentials and then validates them with the directory service. The process touches a number of different pieces of infrastructure, all of which need to managed by the IT organization. Enter cloud-hosted FreeRADIUS.
A hosted FreeRADIUS service’s goal is to off-load the tedious effort required to run a RADIUS-based authentication platform. Directory-as-a-Service® solutions have integrated a cloud-hosted FreeRADIUS server that organizations can leverage. IT admins simply point their access points to the virtual RADIUS server. The on-board directory service enables easy integration between RADIUS and the cloud directory. The best part is that no ongoing work is necessary by the IT organization for the integration. IT admins initially enter their users into the cloud directory service and decide who should have network access. The process is far simpler and the heavy lifting is done by the Identity-as-a-Service provider.
If you would like to learn more about how you can off-load your WiFi authentication to a hosted FreeRADIUS service, drop us a note. We are happy to walk through how Directory-as-a-Service can support your identity management needs. Or, if you would like to try RADIUS-as-a-Service functionality for yourself, please sign up for a free account. Your first 10 users are free forever.