By Kayla Coco-Stotts Posted October 16, 2019
RADIUS authentication has been around for decades, but IT professionals debate whether it should be the go-to service for managing and authenticating users. Although the technology landscape has developed to include a variety of authentication protocols, RADIUS authentication continues to offer value in a new, disparate IT scene.
As such, we’ve broken down what RADIUS authentication truly is, and the pros and cons IT admins should evaluate with respect to its implementation.
What is RADIUS Authentication?
At its most basic, RADIUS is an acronym that stands for Remote Authentication Dial-In User Service. Livingston Enterprises, Inc. developed it as an authentication and accounting protocol in response to Merit Network’s 1991 call for a creative way to manage dial-in access to various Points-Of-Presence (POPs) across its network.
RADIUS utilizes the client/server model to authenticate and authorize users to log in to a network or network infrastructure gear. It works by sending client requests for access to the RADIUS server for verification. These requests are formatted like a package, including the client’s username, password, IP address, and port, which are then queried in the database for potential matches. Depending on the information received, and whether it is correct, the server will return with an action to either accept, reject, or challenge access to the requested service.
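The request/response exchange described above, as an added example that is not part of the original article. It goes beyond the text by using the RFC 2865 wire format, in which the password is hidden with a secret shared between client and server. The secret, user database and NAS address are constructed sample values, and the server function returns only the reply code instead of a full response packet.

```python
import hashlib, hmac, os, struct

# Packet codes and attribute types from RFC 2865
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_PORT = 1, 2, 4, 5

def _xor_blocks(data, secret, authenticator, hiding):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        res = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        out, prev = out + res, (res if hiding else block)
    return out

def build_access_request(user, password, nas_ip, nas_port, secret, ident=1):
    authenticator = os.urandom(16)  # Request Authenticator, fresh per request
    pw = password.encode()
    pw = pw.ljust(16 * max(1, -(-len(pw) // 16)), b"\x00")  # pad to a multiple of 16
    attrs = [(USER_NAME, user.encode()),
             (USER_PASSWORD, _xor_blocks(pw, secret, authenticator, True)),
             (NAS_IP_ADDRESS, bytes(int(p) for p in nas_ip.split("."))),
             (NAS_PORT, struct.pack("!I", nas_port))]
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + authenticator + body

def handle_request(packet, secret, user_db):
    """Return the reply code, or None when the packet must be silently discarded."""
    if len(packet) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        return None
    authenticator, attrs, pos = packet[4:20], {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            return None  # attribute length field is inconsistent with the packet
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    hidden = attrs.get(USER_PASSWORD, b"")
    if not hidden or len(hidden) % 16:
        return ACCESS_REJECT
    password = _xor_blocks(hidden, secret, authenticator, False).rstrip(b"\x00")
    expected = user_db.get(attrs.get(USER_NAME, b"").decode(errors="replace"))
    ok = expected is not None and hmac.compare_digest(password, expected)
    return ACCESS_ACCEPT if ok else ACCESS_REJECT

# Constructed sample data: shared secret and a one-user database
SECRET = b"example-shared-secret"
USERS = {"alice": b"correct horse battery staple"}
```

A request built with a different shared secret decodes to garbage and is rejected, which is why the secret configured on the network device and on the server must match.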
Although it was initially developed to replace proprietary dial-in services, RADIUS provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect to and use a particular network. Over time, this concept has been expanded to include a variety of protocols and modern networks. Traditional AAA management still exists on-prem, with cloud-based RADIUS-as-a-Service offering similar capabilities as a microservice.
The Pros of RADIUS
- Added security benefits: RADIUS allows for unique credentials for each user, which lessens the threat of hackers infiltrating a network (e.g. WiFi) since there is no unified password shared among a number of people.
- Avoids the pain of password management: Unique credentials ensure that a shared password does not need routine changing, because each person manages their own. This saves time for an IT admin, and users do not have to routinely seek out an updated password.
- Central point for user and system authentication: Through this, IT admins have one point of contact for user management when it comes to authentication, authorization, and password management.
- Great tool for larger networks managed by multiple IT admins: RADIUS makes it easier to control who or what has access, and when. When it comes to hundreds or thousands of users in large corporations, only the correct, authorized people have access to a network of sensitive information. VLAN segmentation via attributes is a critical feature of RADIUS-driven networks.
The Cons of RADIUS
- Traditionally implemented on-prem: Maintenance can be difficult and time-consuming for on-prem hardware. Regular upkeep and monitoring mean that, over time, the management of on-prem servers can be more intensive and frustrating.
- Initial setup for a RADIUS server: This can also be difficult for IT admins to implement and integrate in an existing IT landscape, especially if the organization already supports on-prem, legacy services like Active Directory®.
- Vast array of configuration options: On RADIUS servers, configuration and initial setup can be complicated and daunting with a wide range of protocols and compatibility issues. Even the most experienced IT admins have to walk through a complex configuration process.
- Choosing the right one for you: When it comes to RADIUS server software and implementation models, it can be hard to know which is right for you. Some options can be costly and require long-term commitments, while others are free, and some require extensive time and effort to implement. The flood of information can be overwhelming and make it hard to choose the right service for you.
Although the traditional authentication service has its perks, cloud-based RADIUS authentication provides all the benefits without the hassle of maintaining on-prem infrastructure. JumpCloud’s RADIUS-as-a-Service provides additional security, like password complexity, MFA, and dynamic VLAN assignment, without complicated configuration or the stress of initial setup.