Can I Log All RADIUS Authentications Across My Organization?

Written by Zach DeMeyer on July 4, 2020


In any compliance endeavor, IT administrators need to prove to auditors that their network is as secure as possible. Many admins turn to the Remote Authentication Dial-In User Service (RADIUS) protocol so that each user must authenticate to the network with their own credentials, rather than with a shared key that is never tied to an individual. 

Although effective for securing access, RADIUS authentications still need to be tracked to provide an audit trail. In order to fully prove compliance, IT admins need an event logging solution that ties into their RADIUS service.

Using RADIUS for Compliance

Although the scope of compliance regulations differs by industry and governing body, they all generally revolve around ensuring that confidential data is kept safe from unauthorized access. In addition to other key security features, most regulations require that organizations record and monitor resource access events to provide evidence of compliance.

Among the most critical of these monitored resources is the network. After all, access to the network enables users to access the various tools and data they’re authorized to use. To prove compliance, admins need to show that their network is gated and the entrants tracked.

That’s where RADIUS comes in. A RADIUS server checks each authentication request against an organization’s directory, either one it stores locally or one sourced from an identity provider (IdP), so that every user must present their own credentials to get onto the network. Admins can also use RADIUS to control access to virtual private networks (VPNs) and to place each user’s traffic on the appropriate virtual local area network (VLAN) automatically.

With RADIUS in place, users must be known to the directory before they can reach the core network and the resources behind it. From a compliance perspective, RADIUS covers multiple key requirements, especially when organizations have tooling in place for RADIUS event logging.

Logging RADIUS Events

RADIUS event logging comes in several forms depending on which implementation of the protocol is in use.

FreeRADIUS

FreeRADIUS, the open-source implementation, provides RADIUS at no license cost for those with the server hardware and the technical ability to set it up. It writes to a flat log file (radius.log in the directory set by logdir in radiusd.conf), but per-authentication "Login OK" and "Login incorrect" lines only appear once `auth = yes` is set in the `log` section of that file; the detail and linelog modules can record richer per-request data. Leave `auth_badpass` and `auth_goodpass` at `no`, or user passwords end up in the log. Admins then grep or otherwise query these files later to reconstruct events. 

For compliance, this raw data will need to be exported and reshaped to present to auditors, whether documented or visualized in an analytics solution. Additionally, because a production deployment runs several servers for failover, each server’s log holds only the requests that server handled, so admins will need to pull and merge data from each server individually; a run of failed logins spread across two servers is invisible in either file on its own, which is a tedious gap to close when swamped with other compliance to-dos. Log data will also need to be sessionized so that each user’s activity is tracked end to end.
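The merge-and-sessionize step described above, as an added example that is not part of the original article or of FreeRADIUS itself. It parses the FreeRADIUS 3.x radius.log "Auth:" line format, merges the logs of two servers into one timeline, summarizes activity per user, flags repeated failures that no single server's log would show, and flattens the result to CSV for an auditor. The log lines, server names and thresholds are constructed for the example.

```python
import csv
import io
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the FreeRADIUS 3.x radius.log "Auth:" format, one
# list per server as an admin would gather them from each failover node. These
# lines are only written when `auth = yes` is set in the `log` section of
# radiusd.conf; keep `auth_badpass`/`auth_goodpass` at `no`, or the password is
# appended to the username field as [user/password].
RADIUS_LOGS = {
    "radius-1": [
        "Tue Jul  7 09:00:12 2020 : Auth: (101) Login OK: [alice] (from client wifi-ap-1 port 0 cli 00-11-22-33-44-55)",
        "Tue Jul  7 09:01:40 2020 : Auth: (102) Login incorrect (mschap: MS-CHAP2-Response is incorrect): [bob] (from client wifi-ap-1 port 0 cli 00-11-22-33-44-66)",
    ],
    "radius-2": [
        "Tue Jul  7 09:00:55 2020 : Auth: (7) Login OK: [bob] (from client vpn-gw port 12 cli 203.0.113.8)",
        "Tue Jul  7 09:02:03 2020 : Auth: (8) Login incorrect (mschap: MS-CHAP2-Response is incorrect): [bob] (from client wifi-ap-1 port 0 cli 00-11-22-33-44-66)",
        "Tue Jul  7 09:02:05 2020 : Auth: (9) Login incorrect (mschap: MS-CHAP2-Response is incorrect): [bob] (from client wifi-ap-1 port 0 cli 00-11-22-33-44-66)",
    ],
}

# <date> : Auth: (<request id>) Login OK|incorrect [(<module reason>)]: [<user>] (from client <nas> port <n> [cli <id>])
AUTH_LINE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) : Auth: "
    r"(?:\(\d+\) )?Login (?P<result>OK|incorrect)(?: \((?P<reason>[^)]*)\))?: "
    r"\[(?P<user>[^\]]*)\] \(from client (?P<client>\S+) port (?P<port>\d+)(?: cli (?P<cli>\S+))?\)"
)
TIME_FORMAT = "%a %b %d %H:%M:%S %Y"  # radius.log stamps are server-local time, no zone


def parse_auth_line(server, line):
    """Turn one radius.log line into an event dict, or None for non-Auth lines
    (Info:, Error: and debug output are skipped)."""
    m = AUTH_LINE.match(line)
    if not m:
        return None
    return {
        "server": server,
        "timestamp": datetime.strptime(m["ts"], TIME_FORMAT),
        "user": m["user"],
        "result": m["result"],   # "OK" or "incorrect"
        "reason": m["reason"],   # module message on failure, else None
        "client": m["client"],   # NAS short name from clients.conf
        "port": int(m["port"]),
        "cli": m["cli"],         # Calling-Station-Id (MAC or IP), if the NAS sent one
    }


def collect_events(logs):
    """Merge every server's lines into one timeline sorted by timestamp.
    Cross-server ordering is only trustworthy if the servers' clocks are NTP-synced."""
    events = [ev for server, lines in logs.items()
              for ev in (parse_auth_line(server, l) for l in lines) if ev]
    events.sort(key=lambda e: (e["timestamp"], e["server"]))
    return events


def summarize_by_user(events):
    """Per-user audit summary across all servers: outcome counts, servers and NAS clients seen."""
    summary = {}
    for ev in events:
        s = summary.setdefault(ev["user"], {"ok": 0, "incorrect": 0, "servers": set(), "clients": set()})
        s["ok" if ev["result"] == "OK" else "incorrect"] += 1
        s["servers"].add(ev["server"])
        s["clients"].add(ev["client"])
    return {u: {**s, "servers": sorted(s["servers"]), "clients": sorted(s["clients"])}
            for u, s in summary.items()}


def repeated_failures(events, threshold=3, window=timedelta(minutes=5)):
    """Return {user: n} for users with at least `threshold` failed logins inside any
    span of length `window`, counted across every server's log. A per-server view
    would miss bob below: his failures are split between radius-1 and radius-2."""
    by_user = defaultdict(list)
    for ev in events:
        if ev["result"] == "incorrect":
            by_user[ev["user"]].append(ev["timestamp"])
    flagged = {}
    for user, times in by_user.items():
        times.sort()
        best = start = 0
        for end in range(len(times)):            # sliding window over failure times
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[user] = best
    return flagged


def events_to_csv(events):
    """Flatten the merged timeline to CSV for an auditor or an analytics tool."""
    buf = io.StringIO()
    fields = ["timestamp", "server", "user", "result", "reason", "client", "port", "cli"]
    w = csv.DictWriter(buf, fieldnames=fields, lineterminator="\n")
    w.writeheader()
    for ev in events:
        w.writerow({**ev, "timestamp": ev["timestamp"].isoformat()})
    return buf.getvalue()


if __name__ == "__main__":
    timeline = collect_events(RADIUS_LOGS)
    print(events_to_csv(timeline))
    print(summarize_by_user(timeline))
    print(repeated_failures(timeline))
```

In production the per-server lists would come from copying or shipping each node's radius.log; the parsing and merging are unchanged. The detection threshold and window are illustrative and should be tuned to the environment.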

Windows® Network Policy Server (NPS)

The RADIUS server and proxy included with Windows Server integrates with a Microsoft® Active Directory® domain, tying network access control into the same tool many admins use to manage the majority of their environments. Since NPS falls under the Windows umbrella, its authentication events land in the Windows Security log, where they can be viewed in Event Viewer, once auditing for the Network Policy Server subcategory is enabled; a granted request is recorded as Event ID 6272 and a denied one as 6273. NPS accounting data is written separately to text log files or to a SQL Server database, depending on configuration.

Some admins, however, need a new RADIUS implementation after an older Windows Server version reaches end of support, or after an organizational shift to the cloud. What options exist for them?

RADIUS-as-a-Service

Admins can employ a cloud-hosted RADIUS service, or RADIUS-as-a-Service, to gain the security benefits of a RADIUS server without having to set up, patch, or maintain that server themselves. Combining RADIUS-as-a-Service with a cloud directory service, or Directory-as-a-Service®, enables organizations to log events across RADIUS and many other endpoints through Directory Insights™.

Event Logging with Directory Insights

Directory Insights is a premium service available with the JumpCloud® Directory-as-a-Service platform, providing at-a-glance access event data across: 

  • RADIUS, LDAP, and SAML endpoints
  • Windows, Mac®, and Linux® systems
  • Changes to user identities, groups, and access rights made in Directory-as-a-Service

Organizations using Directory Insights can view events from the JumpCloud Admin Portal, export data via the API into an analytics tool, or download audit trails as CSV or JSON. PowerShell-savvy admins can also use the JumpCloud PowerShell Module to work with Directory Insights data as they see fit.

Directory Insights can be used to support multiple compliance endeavors including SOC 2 Type 2. Read this blog to learn more.

Zach DeMeyer

Zach is a Product Marketing Specialist at JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, music, and soccer.
