What is RADIUS?<\/h2>\n\n\n\n
At its most basic, RADIUS is an acronym for Remote Authentication Dial In User Service. The \u201cDial In\u201d part of the name shows RADIUS\u2019s age: it\u2019s been around since 1991. <\/p>\n\n\n\n
However, today RADIUS is widely used to authenticate and authorize users to remote Wi-Fi networks, VPNs, network infrastructure gear, and more. It manages connections between your network and remote servers, VPN connections, wireless access points, and managed network access switches. <\/p>\n\n\n\n
This process is generally completed with the WPA2 enterprise protocol on wireless access points (WAPs). Each user provides their SSID and passphrase to gain access to the network. <\/p>\n\n\n\n
But it isn\u2019t just remote network access that IT organizations are looking to leverage RADIUS for. RADIUS can be applied to on-premises networks, dramatically enhancing network security.<\/p>\n\n\n\n
How RADIUS Improves Wi-Fi Security<\/h2>\n\n\n\n
RADIUS pairs with directory services solutions like Microsoft Active Directory (AD) or OpenLDAP to fortify security for wireless networks. In order to access a wireless network secured by RADIUS, the user must provide their own unique, core set of credentials. <\/p>\n\n\n\n
Typically, the credentials a user has for their work system are the same ones they will use to log in to the network. These credentials move from the user\u2019s desktop, laptop, or mobile device to the Wi-Fi access point and then on to the RADIUS server, to be matched to the credentials stored in the directory service. <\/p>\n\n\n\n
RADIUS historically uses one of three authentication protocols<\/a> to do this:<\/p>\n\n\n\n Note:<\/strong> Note: Some RADIUS servers can also store your end user credentials natively, but usually, the core identity for a user is stored within an organization\u2019s identity provider, rather than a single protocol server such as a RADIUS server.<\/p><\/div><\/div><\/div>\n\n\n\n With RADIUS in place, you no longer need to worry about bad actors stealing your network SSID and passphrase from a conference room whiteboard.\u00a0<\/p>\n\n\n\n That is only a portion of the credentials that you need to access the network. Without unique user credentials authenticated by the directory service, a user can\u2019t get on the network. The end result is vastly improved network security. <\/p>\n\n\n\n Modern RADIUS implementations enable network security teams to perform real-time user verifications against cloud identity providers like Azure Active Directory, Okta, and others. This allows organizations to enforce security policies without relying on credential-based security workflows that are susceptible to attack.<\/p>\n\n\n\n For example, credential-based protocols like PEAP-MSCHAPv2 or EAP-TTLS\/PAP may require users to authenticate using their work account passwords. If an attacker uses social engineering to learn a user\u2019s account credentials, they could immediately gain privileged access to the network itself.<\/p>\n\n\n\n A passwordless approach leveraging public-private key cryptography does not have this vulnerability. Even if an attacker learns a user\u2019s account credentials, they won\u2019t be able to authenticate without also tricking the cloud identity provider \u2014 a much more complicated process.<\/p>\n\n\n\n Ultimately, using certificates eliminates the risks associated with poor-quality passwords, reset policies, and forgotten passwords. Automated passwordless authentication helps maintain credential security by reducing the need for passwords in processes where they could be compromised. <\/p>\n\n\n\n For extra security, you can also use RADIUS to implement per-user Virtual Local Area Network (VLAN) tagging. This segments your Wi-Fi network into as many virtual networks as you may need. Then, individual users or groups (think departments in your organization) are assigned to a specific VLAN or VLANs. <\/p>\n\n\n\n That means that even if one of your users or VLANs were compromised, your entire network infrastructure would not be at risk. Each user or group essentially acts as their own VLAN, and the data packets they send on the network remain within the segment that user or group has access to.<\/p>\n\n\n\n Configuring VLAN tags requires setting and maintaining consistent standards. If your VLAN processes and procedures are not standardized, setting up per-user VLAN tagging<\/a> can actually cause more problems than it solves. <\/p>\n\n\n\n Investing in mobile device management<\/a> and network monitoring solutions helps to drive the value of per-user VLAN tagging and ensures the security of RADIUS implementations. Use these tools to make sure the VLAN tagging process does not suffer from mismatched VLAN IDs, overloaded VLANs, or misconfigured switches and trunks.<\/p>\n\n\n\n Traditional on-premises RADIUS implementations come with some steep challenges. The primary issue with standing up a RADIUS server stems from the fact that you need to deploy and configure hardware on your own, then integrate it with many different components in your network.<\/p>\n\n\n\n First, in order for the RADIUS server to know which users can and cannot access the network, you need to integrate it with your directory service. This can be quite a challenge in itself, since not all directory services integrate easily with RADIUS.<\/p>\n\n\n\n Second, you need to define and configure your authentication policies in a way that meets your security needs. You may need to establish processes for user management, logging and auditing<\/a>, and more. You may also need to deploy redundancy measures to ensure the availability of wireless networking security in the face of a security incident.<\/p>\n\n\n\n The bottom line is that it\u2019s time consuming to implement RADIUS within a network if you need to install, configure, and manage all of the pieces yourself. It can require specialist expertise that is not always immediately available \u2014 especially if you wish to benefit from additional security configurations like VLAN tagging.<\/p>\n\n\n\n However, organizations that bypass the on-premises deployment process can leverage the benefits of RADIUS in a much more efficient way. Harnessing cloud technology makes the implementation process much easier.<\/p>\n\n\n\n Cloud RADIUS solutions offer a streamlined path to improved wireless networking security. Instead of making significant upfront investments in hardware and onboarding hard-to-find specialist talent, you can leverage RADIUS as a cloud-delivered application directly.<\/p>\n\n\n\n Here are some of the advantages cloud RADIUS offers to IT leaders who want to secure their wireless networking capabilities:<\/p>\n\n\n\n JumpCloud\u2019s open directory platform includes a Cloud RADIUS<\/a> solution that makes the implementation process painless compared to on-premises alternatives. Just like traditional RADIUS servers, JumpCloud enables boosted network security \u2014 users each leverage their own unique set of credentials to access networks.<\/p>\n\n\n\n The primary difference between Cloud RADIUS and older RADIUS solutions is that JumpCloud has done the hard part for you. We have gone through the process of setting up independent RADIUS servers around the globe, streamlining integration with cloud identity providers, and adding valuable security features like multi-factor authentication and VPN support<\/a>.<\/p>\n\n\n\n Our cloud-delivered service gives you access to a scalable, robust solution for securing wireless networks without compromising the availability of wireless access points for authenticated users. We handle mobile device management and secure user access on wireless networks so that you don\u2019t have to.<\/p>\n\n\n\n The result is that you can enable RADIUS from anywhere and not have to worry about maintenance, security, downtime, resiliency, or redundancy. We take care of all the heavy lifting so you can simply enjoy the benefits of a secure network. <\/p>\n\n\n\n To get started with Cloud RADIUS today, sign up for a free JumpCloud trial<\/a> and learn how to configure RADIUS<\/a> at JumpCloud University.<\/p>\n\n\n\n\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\"\/){kind=icon}
<\/p><\/div>How RADIUS Enhances Credential Security<\/h3>\n\n\n\n
Per-User VLAN Tagging<\/h3>\n\n\n\n
Solving RADIUS Implementation Challenges<\/h2>\n\n\n\n
Cloud-Hosted RADIUS Simplifies Implementation<\/h3>\n\n\n\n
\n
Cloud RADIUS Makes Securing Wi-Fi Easy<\/h2>\n\n\n\n
Try Cloud RADIUS for Free Today<\/h2>\n\n\n\n