Is your WiFi password written on the conference room whiteboard? Or, are you using a shared passphrase that is emailed? Perhaps you have people coming and going from your organization, which forces you to constantly hand out the WiFi password on sticky notes.
Sure, these practices are convenient, but they’re not at all secure. The problem with the aforementioned methods is that they make it far too easy for an intruder to jump onto your WiFi network and put your organization at risk. So, how can you protect your network? Let’s take a look at RADIUS and why it is the industry standard when it comes to WiFi access management.
What is RADIUS?
At its most basic, RADIUS is an acronym for Remote Authentication Dial In User Service. The “Dial In” part of the name shows RADIUS’s age: it’s been around since 1991. Today, however, RADIUS is widely used to authenticate and authorize users to remote WiFi networks, VPNs, network infrastructure gear, and more.
This process is generally completed with the WPA2 Enterprise protocol on wireless access points (WAPs) — i.e. the shared SSID and passphrase process detailed above. But it isn’t just remote network access that IT organizations are looking to leverage RADIUS for. RADIUS can be applied to on-premises networks, dramatically enhancing network security.
How RADIUS Improves WiFi Security
RADIUS pairs with directory services solutions like Microsoft Active Directory (AD) or OpenLDAP to fortify security for wireless networks. But how? In order to access a wireless network secured by RADIUS, the user must provide their own unique, core set of credentials.
Essentially, the credentials a user has for their work system are the same ones they will use to log in to the network. These credentials move from a supplicant on the user’s desktop, laptop, or mobile device to the WiFi access point and then on to the RADIUS server, to be matched to the credentials stored in the directory service. (Note: RADIUS servers can also store your end user credentials natively, but usually, the core identity for a user is stored within an organization’s identity provider, rather than a single protocol server such as a RADIUS server).
The result: with RADIUS in place, you no longer need to worry about bad actors stealing your network SSID and passphrase from a conference room whiteboard. That is only a portion of the credentials that you need to access the network – without unique user credentials authenticated by the directory service, a user can’t get on the network. The end result is vastly improved network security.
For extra security, you can also use RADIUS to implement per-user VLAN tagging. This segments your WiFi network into as many virtual networks as you may need. Then, individual users or groups (think departments in your organization) are assigned to a specific VLAN or VLANs. So, even if one of your users or VLANs were compromised, your entire network infrastructure would not be at risk.
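The per-user VLAN assignment described above, sketched as an added example that is not from the original article or from JumpCloud: a group-to-VLAN policy and the three attributes a RADIUS server places in its Access-Accept so the access point tags the session. The group names and VLAN IDs are constructed for illustration; the attribute numbers and values are the ones defined in RFC 2868 and RFC 3580.

```python
import struct

# Attribute numbers from RFC 2868; the VLAN usage is defined in RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN = 13         # Tunnel-Type value meaning "VLAN"
MEDIUM_IEEE_802 = 6    # Tunnel-Medium-Type value meaning "IEEE-802"

# Constructed policy: directory group -> VLAN ID, most privileged first.
GROUP_VLANS = [("it-admins", 10), ("finance", 20), ("staff", 30)]


def vlan_for(groups):
    """Return the VLAN of the first policy entry the user belongs to."""
    for group, vlan in GROUP_VLANS:
        if group in groups:
            return vlan
    return None  # no mapped group: caller should reject, not pick a default


def encode_vlan_attributes(vlan_id):
    """Build the three Access-Accept attributes that assign a session's VLAN."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")

    def tagged_int(attr, value):
        # Layout: type, length (always 6), tag 0x00 (unused), 3-byte value.
        return struct.pack("!BBB", attr, 6, 0) + value.to_bytes(3, "big")

    vid = str(vlan_id).encode("ascii")  # sent as a decimal string, untagged
    return (tagged_int(TUNNEL_TYPE, TYPE_VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, MEDIUM_IEEE_802)
            + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(vid)) + vid)


def decode_attributes(data):
    """Split a run of RADIUS attributes into {type: value bytes}."""
    attrs, offset = {}, 0
    while offset < len(data):
        if offset + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr, length = data[offset], data[offset + 1]
        if length < 2 or offset + length > len(data):
            raise ValueError("malformed attribute length")
        attrs[attr] = data[offset + 2:offset + length]
        offset += length
    return attrs
```

Returning `None` for a user with no mapped group keeps the policy fail-closed: an unmapped account is rejected rather than dropped into a default segment.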
RADIUS Implementation Challenges
Traditional RADIUS implementation comes with some challenges. The primary issue with standing up a RADIUS server stems from the fact that you need to integrate it with a number of components. First, in order for the RADIUS server to know which users can and cannot access the network, you need to integrate it with your directory service. This can be quite a challenge in itself. It’s also time-consuming to implement RADIUS within a network if you need to install, configure, and manage all of the pieces yourself.
Cloud RADIUS Makes Security Easy
A facet of JumpCloud’s open directory platform, Cloud RADIUS, makes implementing RADIUS at your organization painless compared to the alternatives. Just like traditional RADIUS servers, JumpCloud enables boosted network security — users each leverage their own unique set of credentials to access networks.
The primary difference between Cloud RADIUS and other, older RADIUS solutions is that JumpCloud has done the hard part for you. We have gone through the process of setting up independent RADIUS servers around the globe, and Cloud RADIUS is a native capability within the directory itself, cutting out even more setup steps on your end. The result is that you can enable RADIUS from anywhere and not have to worry about maintenance, security, downtime, resiliency, or redundancy. We take care of all the heavy lifting so you can simply enjoy the benefits of a secure network.