By Greg Keller Posted April 13, 2016
As organizations think about how to increase the security of their WiFi networks, connecting the WiFi infrastructure to the core directory service should be a top priority. The process of making this connection a reality often relies on implementing FreeRADIUS as a bridge between the two systems. The challenge for IT admins is the process of setting up, managing, maintaining, and integrating FreeRADIUS into their IT network. More often than not, modern IT organizations are shifting these tasks to an outsourced FreeRADIUS model.
A More Secure WiFi Network Environment
As WiFi networks become the norm, IT admins are looking for the best ways to secure the network. Requiring users to log in to the wireless network with their unique network credentials dramatically increases security without creating a poor user experience. As most IT admins can attest, a WiFi network with just an SSID and passphrase as security is not enough. Hackers can compromise a network with easily available, relatively simplistic tools and even by merely sitting outside the organization’s office. By tying access to the network with a user’s credentials stored in the core user directory, security is markedly improved.
FreeRADIUS and the Core Directory Service
The process of leveraging a user’s network identity includes integrating the WiFi network to RADIUS which will then integrate with the core directory service. The FreeRADIUS server acts as a proxy for the identity provider to authenticate user access. This process happens when the user connects to the WiFi network. A piece of software (known as a supplicant) is located on every device. The user’s credentials are stored in the supplicant and then passed to the WiFi access point which, in turn, securely passes the credentials to the RADIUS server. From the RADIUS server, those secured credentials are then passed to the directory service to be validated. Once the user’s credentials are validated, the user is allowed access to the WiFi network. The user only needs to enter their credentials once into the supplicant and therefore, the user’s experience is simplified.
Connecting the integration points between FreeRADIUS, the WiFi access points, and the directory service can be time consuming. The process of managing the infrastructure can also be challenging and tedious. Authentication is a 100% uptime process and thus requires the attention of the IT organization. Therefore, by outsourcing the FreeRADIUS infrastructure, IT admins can focus on managing the user identities versus managing the actual infrastructure. Outsourced FreeRADIUS platforms integrate with popular WiFi access points including Meraki, Aruba, and Ubiquity, among others.
RADIUS-as-a-Service is a SaaS-based, outsourced FreeRADIUS based infrastructure. It is a core part of the Directory-as-a-Service® platform which integrates not only the RADIUS functionality, but also the core user directory. A cloud directory service is also included to manage users and connect those users to any relevant IT resources they may need to access. Directory-as-a-Service is a central, cloud-based Identity-as-a-Service platform meant to closely manage users and their access to systems, applications and networks.
If you would like to learn more about how a cloud based directory services platform can also help secure your WiFi infrastructure, drop us a note. We’d be happy to discuss it with you. Or, feel free to try our RADIUS-as-a-Service functionality for yourself. Your first 10 users are free forever.