By Greg Keller Posted August 22, 2019
RADIUS servers are a key part of the identity management and user access control process. Historically, RADIUS has been used to manage network access and networking infrastructure. FreeRADIUS is the most popular open source RADIUS server. Those RADIUS servers have also been used to secure networks through 802.1x port access control and with WiFi networks.
There is a new solution afoot that is helping IT organizations leverage RADIUS without the work. It is called hosted RADIUS.
WiFi Improves Flexibility and Productivity, Reduces Costs Hackers are Plugged Into WiFi Insecurities
If you step back, modern networks are now moving to be wireless. The benefits of moving to WiFi are significant for organizations, including the flexibility and productivity users have in accessing the network. Employees become more productive when WiFi is available. They are also more likely to collaborate because they can move around and meet anywhere in the facility. IT organizations enjoy the benefit of less overhead of management and also reduced costs of network infrastructure.
Hackers are Plugged Into WiFi Insecurities
The challenges of WiFi, though, are significant as well. The main one is it lacks security. WiFi signals often radiate outside the office walls. This can be good as there may be outside space that employees want to use. However, others can pick up the signal as well. This means that hackers can find a way into the network without physically being within the building. WiFi security is not like wired security where you need to uniquely authenticate to have access. A shared passphrase is generally all that is needed to access the network. That shared passphrase is often rotated as people leave the organizations, but hackers can also glean this password without too much trouble. The impact is that IT organizations are never completely confident in their WiFi security.
Connecting WiFi with Directory Services
IT admins are connecting their WiFi networks with their directory service to require unique logins for each person. The process works as follows:
- The wireless access points are connected to a RADIUS server.
- The RADIUS server is then integrated with the identity provider.
- A user’s laptop or desktop will securely send credentials to the RADIUS server via the WiFi access point.
- The RADIUS server will confirm with the directory server that the credentials are correct. If they are, the user is allowed onto the network. If not, they are denied access.
The user only inputs their credentials into a supplicant on the device once. There is little to no hassle for the end user, but now an IT organization can control exactly who is accessing their network.
Tap into the Benefits of Hosted RADIUS
Managing this entire WiFi authentication process can be time consuming and painful. Hosted RADIUS is a key function of Directory-as-a-Service®. The hosted RADIUS server is provided pre-configured and is managed on an ongoing basis by the Identity-as-a-Service platform. IT organizations simply point their WAPs to the cloud RADIUS server. The directory service is also integrated into the cloud service. The entire process takes a few minutes to set up and enables IT organizations to add a critical security element to their WiFi network.