By Greg Keller Posted February 18, 2016
FreeRADIUS is the most popular open source RADIUS server on the market today. RADIUS is a core network infrastructure software component. It has, for a long time, been used as part of the authentication infrastructure for networking equipment. The RADIUS protocol was first introduced in the early nineties and has since been leveraged for both server and networking infrastructure. The protocol gained a great deal of popularity with Internet Service Providers (ISPs) and, subsequently, has been utilized within organizations to manage switches, routers, VPNs, and WiFi equipment. Its ability to dramatically increase the security of WiFi networks has been leveraged a great deal over the past twenty-some odd years. The challenge with FreeRADIUS is that it is often difficult to implement, but SaaS-based FreeRADIUS solutions are emerging to help solve that problem.
SaaS-based FreeRADIUS for Ease and Security
IT admins are looking for solutions to assist with easy access to IT resources and at the same time increase security. In the identity management market, many of these solutions are being delivered as SaaS-based services. Solutions such as Identity-as-a-Service are focusing on providing True Single Sign-On™ capabilities. As a part of those solutions, the ability to log on to the WiFi network securely with a single set of credentials is a major part of the value proposition. Users are uniquely logged into the WiFi infrastructure rather than merely using a shared SSID and passphrase. IT admins know that this approach to the WiFi network is, ultimately, far more secure.
Generally, WiFi networks are perceived to be less secure than wired networks. Whether or not that is the case can be debated, but nearly every IT admin is currently implementing wireless infrastructure and it needs to be secure. The process involves connecting the WiFi network to the core directory service. User credentials are securely passed through the infrastructure and access is only granted if those credentials are valid. The benefit to IT organizations is that only users who are a part of the user directory can access the network. An unscrupulous person who has figured out the SSID and passphrase cannot log in to the network unless they also have an authenticated identity on the network. This step is a significant increase in security and one that many IT organizations should be implementing.
The challenge for IT is that implementing FreeRADIUS can be time-consuming and difficult. The integration between the WiFi access points and FreeRADIUS presents a significant problem. The other problem is connecting FreeRADIUS to the directory service. Devices are authenticated via RADIUS through the use of a software solution called a supplicant. The supplicant resides on each device and securely passes a user’s credentials to the FreeRADIUS server. Because of the implementation and on-going maintenance required for this infrastructure, IT admins often will search for a SaaS-based FreeRADIUS service. The Directory-as-a-Service® platform embeds RADIUS-as-a-Service as a key part of its functionality. Because the solution also serves as a cloud directory service, there are at least two less components that IT admins need to manage in the scenario where WiFi authentication is occurring against the directory service.
If you would like to learn more about how you can leverage JumpCloud’s SaaS-based FreeRADIUS functionality, drop us a note. We’d be happy to discuss it with you. Alternatively, feel free to give JumpCloud a try. Your first 10 users are free forever.