Blast-RADIUS is a vulnerability inherent in the RADIUS authentication protocols PAP and MS-CHAP that can compromise the security of your network. It affects unencrypted, non-TLS-based protocols such as PAP and MS-CHAPv2, which are vulnerable to brute force and man-in-the-middle (MiTM) cyberattacks.

Warning: Unless you are configuring RADIUS MFA for VPN, JumpCloud discourages using non-TLS-based RADIUS protocols and instead recommends using TLS-based authentication protocols (PEAPv0/MS-CHAPv2, EAP-TTLS/PAP, and EAP-TLS).

Identifying Insecure Protocols

1. Log in to the JumpCloud Admin Portal.
2. Go to INSIGHTS > Directory Insights.
3. In the Event Type filter, select radius_auth_attempt.
4. Search for PAP vulnerabilities:
   a. In the Search bar, enter "PAP" and run a report.
   b. Click export and then export the report as a JSON file.
   c. Inspect the JSON file and search for "auth_type": "PAP".
5. Search for MS-CHAP vulnerabilities:
   a. In the Search bar, enter "MS-CHAP" and run a report.
   b. Click export and then export the report as a JSON file.
   c. Inspect the JSON file and search for "auth_type": "MS-CHAP".

Note: When looking through the JSON file to find insecure protocol types, make sure you look for the auth_type, and ignore the eap_type.

6. If you identify insecure protocols in your device fleet, please switch to the secure TLS-based RADIUS authentication protocols (PEAPv0/MS-CHAPv2, EAP-TTLS/PAP, and EAP-TLS).

Important: Any resulting non-TLS PAP or MS-CHAP authentication types are indicative of insecure protocols and should be switched to TLS-based RADIUS authentication protocols as soon as possible.

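The export check in steps 4 and 5 can be scripted. The following Python is an added example, not JumpCloud's code: it assumes the export is a JSON array of event objects, and the event_type and username field names and all sample values are constructed assumptions. Only the auth_type and eap_type field names and the PAP and MS-CHAP values come from this page.

```python
import json
from collections import Counter

# auth_type values this page says to search for in the export.
INSECURE_AUTH_TYPES = {"PAP", "MS-CHAP"}


def find_insecure_attempts(export_text, group_by="username"):
    """Return (flagged_events, counts) for non-TLS RADIUS attempts.

    Assumes the export is a JSON array of event objects. `group_by` is a
    hypothetical field name, used only to summarise who needs migrating.
    """
    flagged, counts = [], Counter()
    for ev in json.loads(export_text):
        # Assumed field name; a missing value passes because the report
        # was already filtered to radius_auth_attempt in the portal.
        if ev.get("event_type", "radius_auth_attempt") != "radius_auth_attempt":
            continue
        # Decide on auth_type only. eap_type is never read, as the page's
        # note advises.
        auth_type = str(ev.get("auth_type", "")).strip().upper()
        if auth_type in INSECURE_AUTH_TYPES:
            flagged.append(ev)
            counts[(auth_type, ev.get(group_by, "<unknown>"))] += 1
    return flagged, counts


# Constructed sample export, not real JumpCloud output.
SAMPLE_EXPORT = json.dumps([
    {"event_type": "radius_auth_attempt", "auth_type": "PAP", "username": "alice"},
    {"event_type": "radius_auth_attempt", "auth_type": "MS-CHAP", "username": "bob"},
    {"event_type": "radius_auth_attempt", "auth_type": "EAP",
     "eap_type": "TTLS-PAP", "username": "carol"},
    {"event_type": "radius_auth_attempt", "auth_type": "pap", "username": "alice"},
    {"event_type": "sso_auth", "auth_type": "PAP", "username": "dave"},
])

if __name__ == "__main__":
    flagged, counts = find_insecure_attempts(SAMPLE_EXPORT)
    for (auth_type, who), n in sorted(counts.items()):
        print(f"{auth_type:8} {who:10} {n}")
```

A plain text search for PAP also matches the third constructed row through its eap_type value, which is why the decision is made on the parsed auth_type field.
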
Managing Insecure Protocols

Block Insecure Protocols

You can use the JumpCloud Admin Portal to restrict insecure RADIUS authentication protocols from being used on any future network configurations.

To block insecure RADIUS protocols:

1. Log in to the JumpCloud Admin Portal.
2. Go to USER AUTHENTICATION > RADIUS.
3. Select the RADIUS network configuration you want to change. The RADIUS details tab displays.
4. Click the Authentication tab.
5. Select Require secure protocols to restrict the use of non-TLS-based network authentication protocols.
6. Click Save.

Mitigate Risk Using Insecure Protocols

If your integration or equipment only supports insecure, non-TLS-based legacy protocols, use Directory Insights to try and mitigate your risk by monitoring RADIUS access and enforcing the following security measures for all users:

- Require multi-factor authentication (MFA) enrollment for accessing the User Portal.
- Ensure users are enrolled in MFA.
- Enable a password policy with a regular rotation interval.

Note: JumpCloud does not recommend using MFA with RADIUS, especially for WiFi configurations. The recommendation for MFA enrollment is intended for use of non-RADIUS resources such as securing the User Portal.

For more information, see:

- Get Started: MFA
- Manage Password and Security Settings