A cloud-based RADIUS server would certainly help IT secure wireless networks. The trouble is that RADIUS servers have historically been on-prem implementations that are typically adjunct to an on-prem directory services database and infrastructure. Fortunately, there are next generation cloud identity management platforms available that offer RADIUS authentication as a cloud-based service. We’ll discuss one such solution in this blog post, but let’s start with the basics.
What is RADIUS?
RADIUS is a networking protocol that serves to authenticate and authorize user access to remote networks. The RADIUS protocol follows the client/server model. In this case, the client is any RADIUS-enabled device attempting to connect to a RADIUS protected network and the server is the RADIUS server. RADIUS servers are typically adjunct to a directory services database, otherwise known as the core identity provider. This enables RADIUS servers to leverage the core identity provider as the source of truth for authenticating user access to RADIUS protected networks. The idea behind RADIUS authentication is to leverage core user identities to authenticate and authorize user access to a remote network. The key advantage is that network access can be administered on an individual basis from a core identity provider platform via RADIUS servers that are coupled with an associated directory database.
How does RADIUS work?
At a high level, RADIUS works by routing user requests for network access from a client to a dedicated RADIUS server for authentication. As a user attempts to access a RADIUS protected network from a device such as a laptop, desktop, or other RADIUS-enabled device, they are challenged to provide their unique user credentials. These credentials generally come in the form of the username and password that are associated with their core user identity, which is stored in the core directory database. Upon submission, the user credentials and a request for network access are routed from the client to a RADIUS-enabled WAP or switch via a supplicant – a program responsible for sending network access requests to wireless networks – which is then forwarded to a RADIUS server for authentication. Once received, the RADIUS server authenticates the (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Natalie Bluhm. Read the original post at: https://jumpcloud.com/blog/cloud-based-radius-server/