A core part of the authentication process for networks and network infrastructure equipment is a solution called FreeRADIUS. RADIUS is a central networking authentication protocol that was created in the early 1990s. FreeRADIUS, an open source platform, was created in 1999. Since then, it has been widely credited as being the most popular RADIUS server. FreeRADIUS is positioned as a middleware solution, helping to control user access to networking equipment. The open source solution can serve as a user management system itself or connect to a user directory service.
The FreeRADIUS platform has been leveraged by organizations to authenticate switches, routers, VPNs, and other networking equipment. Many Internet Service Providers (ISPs) leverage the functionality a great deal. Ops organizations started to extensively use the open source software solution as their networks expanded. Still, FreeRADIUS is a highly technical solution, so strong technical skills and experience are generally required to operate it. Over the past several years, FreeRADIUS has seen strong uptake as the middleware solution between the WiFi infrastructure and the directory service. IT organizations realized that the use case would significantly increase the security of the WiFi network.
Here’s how the process works: WiFi access points authenticate users with the FreeRADIUS server. User credentials are sent over a variety of different protocols. The user’s device has a piece of software called a supplicant where their credentials are input. Those credentials are encapsulated in the secure protocol and passed along to FreeRADIUS for authentication. Often, the RADIUS server is connected to the directory service. The RADIUS server passes the user credentials on and the directory service responds after checking the validity of the user’s credentials. By authenticating the user to the WiFi network through the core user store, IT organizations see a dramatic increase in security. Users can’t login with the shared SSID and passphrase; their unique credentials are required as well. For notoriously unstable WiFi networks, that is a welcome step-up in security.
A new generation of FreeRADIUS solutions is emerging, whereby the server is included in a SaaS-based cloud directory services platform. The SaaS-based FreeRADIUS offering eliminates the need for IT admins to install, configure, integrate, and maintain FreeRADIUS within their IT network. Instead, a virtual multi-tenant FreeRADIUS server is setup in the cloud that WiFi access points authenticate against. The cloud-hosted RADIUS approach increases security and eliminates work.