{"id":46792,"date":"2020-07-04T09:00:00","date_gmt":"2020-07-04T15:00:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=46792"},"modified":"2020-07-02T14:04:34","modified_gmt":"2020-07-02T20:04:34","slug":"radius-event-logging","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/radius-event-logging","title":{"rendered":"Can I Log All RADIUS Authentications Across My Organization?"},"content":{"rendered":"\n

<p>In any compliance endeavor, IT administrators need to prove to auditors that their network is as secure as possible. Many admins turn to the Remote Authentication Dial In User Service (RADIUS) protocol to require unique credentials for each user in secure network authentication.<\/p>

<p>Although effective for securing access, RADIUS authentications still need to be tracked to provide an audit trail. In order to fully prove compliance, IT admins need an event logging solution that ties into their RADIUS service.<\/p>

<h2>Using RADIUS for Compliance<\/h2>

<p>Although the scope of compliance regulations differs by industry and governing body, they all generally revolve around ensuring that confidential data is kept safe from unauthorized access. In addition to other key security features, most regulations require that organizations record and monitor resource access events to provide evidence of compliance.<\/p>

<p>Among the most critical of these monitored resources is the network. After all, access to the network enables users to access the various tools and data they’re authorized to use. To prove compliance, admins need to show that their network is gated and the entrants tracked.<\/p>

<p>That’s where RADIUS comes in. A RADIUS server syncs with an organization’s directory — either stored on board or sourced from an identity provider (IdP) — to require that each user presents unique identification upon access to the network. Admins can also use RADIUS to control access to virtual private networks (VPNs) and automatically segment traffic to different virtual local area networks (VLANs).<\/p>

<p>With RADIUS in place, users must be known entities to access the core network and its subsequent intricacies. From a compliance perspective, RADIUS covers multiple key requirements, especially when organizations have tooling in place for RADIUS event logging.<\/p>

<h2>Logging RADIUS Events<\/h2>

<p>RADIUS event logging comes in several forms depending on how the protocol is implemented.<\/p>

<h3>FreeRADIUS<\/h3>

<p>The open-source RADIUS implementation provides free RADIUS capabilities for those with the server hardware and technical ability to set it up. During the setup process, admins create folders for server log storage, which can be queried later on to view event logs.<\/p>

<p>For compliance, this raw data will need to be exported and manipulated to present to auditors, whether documented or visualized in an analytics solution. Additionally, with multiple servers required for failover purposes, admins will need to pull data from each server individually — a tedious task when swamped with other compliance to-dos. Log data will also need to be sessionized so that each user’s activity is tracked in its entirety.<\/p>

<h3>Windows<sup>®<\/sup> Network Policy Server (NPS)<\/h3>

<p>The RADIUS proxy server included with Windows Server allows for integration into the Microsoft<sup>®<\/sup> Active Directory<sup>®<\/sup> IdP, tying network access control into the same tool many admins use to manage the majority of their environments. Since NPS falls under the Windows umbrella, its event logs can be accessed through Windows Event Viewer.<\/p>

<p>Some admins, however, need a new RADIUS implementation following the sunsetting of an older Windows Server version or an organizational shift to the cloud. What options exist for them?<\/p>

<h3>RADIUS-as-a-Service<\/h3>

<p>Admins can employ a cloud-hosted RADIUS service, or RADIUS-as-a-Service, to gain the security benefits of a RADIUS server without having to set up or maintain that physical server. Combining RADIUS-as-a-Service with a cloud directory service, or Directory-as-a-Service<sup>®<\/sup>, enables organizations to log events across RADIUS and many other endpoints through Directory Insights™.<\/p>

<h2>Event Logging with Directory Insights<\/h2>

<p>Directory Insights is a premium service available with the JumpCloud<sup>®<\/sup> Directory-as-a-Service platform, providing at-a-glance access event data across:<\/p>