How Does RADIUS Improve WiFi Security?

Written by Greg Keller on August 21, 2020


You may wonder, how does RADIUS improve WiFi security? Let’s discuss your current WiFi password dissemination practices to illustrate the problem and why a RADIUS solution will help.

Is your WiFi password written on the conference room whiteboard? Or, are you using a shared passphrase that is emailed? Perhaps you have people coming and going from your organization, which forces you to constantly hand out the WiFi password on sticky notes or paper. 

Sure, these practices are convenient, but they’re not at all secure. The problem with the aforementioned methods is that they make it far too easy for an intruder to jump on to your WiFi network and put your organization at risk. So, how can you protect your network? Let’s take a look at RADIUS and why it is the industry standard when it comes to WiFi access management.

What is RADIUS?

At its most basic, RADIUS is an acronym for Remote Authentication Dial In User Service. The “Dial In” part of the name shows RADIUS’s age: it’s been around since 1991. Today, however, RADIUS is widely used to authenticate and authorize users to remote WiFi networks (and VPNs, network infrastructure gear, and more). This process is generally completed with the WPA2 enterprise protocol on wireless access points (WAPs) — i.e. the shared SSID and passphrase process detailed above. But, it isn’t just remote network access that IT organizations are looking to leverage RADIUS for. When RADIUS is applied to on-premises networks, the security of that network is also increased. 

For organizations looking to use RADIUS, there are a good number of options available, including FreeRADIUS, Microsoft® NPS, Cisco ISE, RADIUS-as-a-Service, and many others.

RADIUS Improves WiFi Security

RADIUS pairs with directory services solutions like Microsoft Active Directory® (AD) or OpenLDAP™ to fortify security for wireless networks. But how? In order to access a wireless network secured by RADIUS, the user must provide their own unique, core set of credentials. 

Essentially, the credentials a user has for their work system are the same ones they will use to log in to the network. These credentials move from a supplicant on the user’s desktop, laptop, or mobile device to the WiFi access point and then on to the RADIUS server, to be matched to the credentials stored in the directory service. (Note: RADIUS servers can also store your end user credentials natively, but usually, the core identity for a user is stored within an organization’s identity provider, rather than a single protocol server such as a RADIUS server).

The result: with RADIUS in place, you no longer need to worry about bad actors stealing your network SSID and passphrase from a conference room whiteboard. That is only a portion of the credentials that you need to access the network – without unique user credentials authenticated by the directory service, a user can’t get on the network. The end result is vastly improved network security. 

For extra security, you can also use RADIUS to implement per-user VLAN tagging. This segments your WiFi network into as many virtual networks as you need. Individual users or groups (think departments in your organization) are then assigned to a specific VLAN or VLANs. So, even if one of your users or VLANs were compromised, your entire network infrastructure would not be at risk.
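To make per-user VLAN tagging concrete, here is an added example (not from the original article or any vendor's code) of the Access-Accept reply a RADIUS server sends to the access point, using the RFC 3580 tunnel attributes, and of the check the access point makes before honoring the VLAN. The group names, VLAN IDs, and shared secret are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6  # values RFC 3580 uses for VLAN assignment
# Constructed policy for illustration: directory group -> VLAN ID.
GROUP_VLAN = {"engineering": 10, "finance": 20, "guest": 99}

def _attr(attr_type, value):  # one attribute as Type, Length, Value
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def vlan_attributes(vlan_id):
    """Tunnel attributes for vlan_id; each 4-byte integer is a zero tag byte plus a 3-byte value."""
    return (_attr(TUNNEL_TYPE, struct.pack("!I", VLAN))
            + _attr(TUNNEL_MEDIUM_TYPE, struct.pack("!I", IEEE_802))
            + _attr(TUNNEL_PRIVATE_GROUP_ID, str(vlan_id).encode()))

def build_access_accept(ident, request_auth, secret, group):
    """Server side: Access-Accept carrying the VLAN for the user's group."""
    attrs = vlan_attributes(GROUP_VLAN[group])
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    # RFC 2865 Response Authenticator binds the reply to the request and secret.
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs

def assigned_vlan(packet, request_auth, secret):
    """Access point side: return the VLAN ID, or None if the reply is not trusted."""
    if len(packet) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    attrs = packet[20:length]
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if code != ACCESS_ACCEPT or not hmac.compare_digest(expected, packet[4:20]):
        return None
    found, i = {}, 0
    while i + 2 <= len(attrs):
        attr_len = attrs[i + 1]
        if attr_len < 2 or i + attr_len > len(attrs):
            return None  # malformed attribute list
        found[attrs[i]] = attrs[i + 2:i + attr_len]
        i += attr_len
    if (found.get(TUNNEL_TYPE) != struct.pack("!I", VLAN)
            or found.get(TUNNEL_MEDIUM_TYPE) != struct.pack("!I", IEEE_802)
            or TUNNEL_PRIVATE_GROUP_ID not in found):
        return None
    return int(found[TUNNEL_PRIVATE_GROUP_ID].decode())
```

A reply whose VLAN attribute is altered in transit fails the authenticator check, so the access point returns no VLAN rather than placing the session in the wrong segment.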

RADIUS Implementation Challenges

The challenge with standing up a RADIUS server stems from the fact that you need to integrate it with a number of components. First, in order for the RADIUS server to know which users can and cannot access the network, you need to integrate it with your directory service. This can be quite a challenge. Then, it is time consuming to implement RADIUS within a network if you need to install, configure, and manage all of the pieces yourself.

RADIUS-as-a-Service Makes Security Easy

A facet of JumpCloud® Directory-as-a-Service®, RADIUS-as-a-Service makes implementing RADIUS at your organization painless compared to the alternatives. Just like traditional RADIUS servers, JumpCloud enables boosted network security — users each leverage their own unique set of credentials to access the network.

Provided “as-a-service,” JumpCloud has gone through the process of setting up independent RADIUS servers around the globe. The result is that you can enable RADIUS from anywhere and not have to worry about maintenance, security, downtime, resiliency, or redundancy. We take care of all the heavy lifting so you can simply enjoy the benefits of a secure network. 

Try RADIUS-as-a-Service for Free Today

To get started with RADIUS today, sign up for a free JumpCloud account. It’s fully featured and includes the entire suite of Directory-as-a-Service functionality including our premium services Directory Insights™ and System Insights™. Plus, your first 10 users and 10 systems are free forever. For further questions, drop us a line or visit our learning platform, JumpCloud University. Or, click the in-app premium chat service 24×7 in the first 10 days for help from our Customer Success Engineers.

Greg Keller

JumpCloud CTO, Greg Keller is a career product visionary and executive management leader. With over two decades of product management, product marketing, and operations experience ranging from startups to global organizations, Greg excels in successful go-to-market execution.
