You may be wondering, how does RADIUS improve WiFi security? But, before we get to that, let’s discuss what could potentially be your current WiFi password dissemination practices. Is your WiFi password written up on the conference room whiteboard? Or, are you using a shared passphrase that is emailed out? Perhaps you have a lot of people coming and going from your organization, which forces you to constantly hand out the WiFi password on sticky notes or scraps of paper.
Sure, these practices are convenient, but they’re not all that secure. The problem with the aforementioned methods is that it makes it far too easy for an intruder to jump on to the WiFi network and put your organization at risk. So, how can you protect your network? Let’s take a look at RADIUS.
What is RADIUS?
At its most basic, RADIUS is an acronym that stands for Remote Authentication Dial In User Service. The “Dial In” part of the name shows RADIUS’s age (it has been around since 1991). Today, however, RADIUS is widely used to authenticate and authorize users to remote WiFi networks. This process is generally completed with the WPA2 enterprise protocol on wireless access points (WAPs). But, it isn’t just remote network access that IT organizations are looking to leverage RADIUS for. When RADIUS is applied to on-prem networks that users utilize daily, the security of that network is also increased.
For organizations looking to leverage RADIUS, there are a good number of options available including: FreeRADIUS, Microsoft® NPS, Cisco ISA, RADIUS-as-a-Service, and many others.
RADIUS Improves WiFi Security
RADIUS pairs with directory services solutions like Microsoft Active Directory® (MAD or AD) and / or OpenLDAP™ to fortify security for wireless networks. But how? In order to access a wireless network secured by RADIUS, the user must provide their own unique, core set of credentials. Essentially, the same credentials they use to log in to their work system are the ones they will use to log in to the network. These credentials move from a supplicant on the user’s desktop or laptop to the WiFi access point and then on to the RADIUS server and are then subsequently matched to the credentials stored in the directory service. The result: with RADIUS in place, you no longer need to worry about bad actors stealing your network SSID and passphrase from a conference room whiteboard. The end result is vastly improved network security.
For extra security, you can also utilize RADIUS to implement per user VLAN tagging. What this does is it segments your WiFi network into as many virtual networks as you may need. Now, individual users or individual groups (think departments in your organization) can each be assigned to a specific VLAN. So, even if one of your users or VLANs were to get compromised, your entire network infrastructure would not be at risk.
RADIUS Implementation Challenges
The challenge with standing up a RADIUS server stems from the fact that you need to integrate it with a number of components. First, in order for the RADIUS server to know which users can and cannot access the network, you need to integrate it with your directory service. This can provide quite a challenge. From the system level (i.e. a user’s laptop or desktop), IT admins need to ensure that each system is running the same supplicant and RADIUS protocol. In scenarios where there are many systems, each potentially running different OSes, this process can become quite difficult and time consuming. Further there is the communication between the WiFi access points and the RADIUS server which too can end up adding more work and brittleness to the entire setup.
RADIUS-as-a-Service Makes Security Easy
A facet of JumpCloud® Directory-as-a-Service®, RADIUS-as-a-Service makes implementing RADIUS at your organization relatively painless as compared to the alternative, which is rife with integration challenges. Just like traditional RADIUS servers, JumpCloud enables boosted network security because you no longer need to utilize a single, shared SSID and passphrase combination. Users each leverage their own unique set of credentials to access the network. No more emails, sticky notes, or need to continually update your network password.
Provided “as-a-service,” JumpCloud has gone through the process of setting up independent RADIUS servers all around the globe. The result is that you can leverage RADIUS from anywhere in the world and not have to worry about maintenance, security, downtime, resiliency, or redundancy. We take care of all the heavy lifting so you can simply enjoy the benefits of a secure network.
Try RADIUS-as-a-Service for Free Today
We hope that after reading this article you have an idea about how to answer the question, how does RADIUS improve WiFi security? If you’re ready to utilize RADIUS today, sign up for a free JumpCloud account. It’s fully featured and includes the entire suite of Directory-as-a-Service functionality. Plus, your first 10 users are free forever. If you have any further questions, feel free to drop us a line or visit our YouTube channel.
Resources for Implementing RADIUS with JumpCloud
Below you will find some resources to help you get the most of your JumpCloud account and RADIUS.
- Main RADIUS-as-a-Service support page
- Configuring a Cisco Meraki WAP To JumpCloud’s RADIUS-as-a-Service page
JumpCloud can integrate with any RADIUS-capable WAP, VPN, or other IT application or resource. No need for any on-prem resources or gear. You simply point your RADIUS enabled network gear or IT resources to the cloud identity service and it takes care of the rest of the heavy lifting for you.