With the IT network shifting further away from wired connections and over to WiFi, there is a renewed focus on security and authentication services. Gone are the days of security by proxy—that is, security via a physical connection to the network. With WiFi, additional measures need to be exercised. As a result, the identity and access management capability for RADIUS authentication is being evaluated by IT admins around the world. We will explore that evaluation in the following blog.
RADIUS Past and Present Use Cases
RADIUS authentication services have been around for a long time. RADIUS was originally used in the dial-up era to control user access to networks. When 802.1 switches started to come to market, they were coupled with FreeRADIUS, the open source RADIUS implementation. This coupling worked to create much stronger network control. But, while heightened security was the focus, a challenge persisted. The challenge was that implementing an 802.1x enabled network was quite difficult. Thankfully, that isn’t the case any longer.
Now, with WiFi networks comprising the vast majority of networks and IT admins focused heavily on securing those networks, IAM RADIUS authentication capabilities are starting to attract great interest. The concept of stepping up WiFi security with RADIUS is as follows: IT admins require end users to authenticate via their OS supplicant to the WiFi access point, which passes the user’s credentials on to the RADIUS server. The RADIUS server is integrated with the identity provider (IdP), usually OpenLDAP™ or Microsoft® Active Directory® (MAD or AD). The IdP confirms that user’s login credentials, and those are then passed back to the RADIUS server and WiFi access point to allow user access. The entire process dramatically increases the security of a WiFi network because users connect to their network with their own unique set of credentials, not some SSID and password combination written on a whiteboard.
Boost Network Security with RADIUS and VLANs
For bonus points, many IT admins are adding VLAN assignments in conjunction with their RADIUS implementation. Dynamic VLAN steering places users in separate VLANs for increased security. Without per-user VLAN tagging, every user from every department is grouped into the same network. That means development, accounting, marketing, and finance are all on the same connection. With this approach, if one portion of the network is compromised, the entire network is in trouble. VLANs segment networks, so if one section is jeopardized, it doesn’t have a cascading effect on the rest.
Regardless of whether the organization is using VLAN assignment or not, the concept of integrating RADIUS authentication into the identity and access management approach makes a great deal of sense. The problem is that it takes a significant amount of time and resources to actually make it all happen. Now, there is an easier way.
Cloud-based Directory Services Plus RADIUS Authentication
Now, there is a next generation cloud IAM RADIUS authentication service that does the heavy lifting for IT organizations. With JumpCloud® Directory-as-a-Service®, RADIUS is already coupled with a source of truth—the directory. So, that means IT admins no longer have to backend their RADIUS server with their IdP (often OpenLDAP and/or AD), because that functionality is built in. Instead, they just provision users, point their WAPs to our hosted RADIUS server, and enjoy the increased security that comes with properly implemented RADIUS. And for those that want to segment their network, all they need to do is make sure their equipment is compatible and get to work assigning groups or individual users to specific VLANs.
Learn More About RADIUS Authentication with JumpCloud
If you’re ready to learn more about the identity and access management capability RADIUS authentication, feel free to drop us a line. Or, if you just want to get busy, sign up today for a free account. You can manage up to 10 users forever with our free account, and it doesn’t even require a credit card. Additionally, check out our Knowledge Base or YouTube channel for more information.