RADIUS authentication has been proven to significantly enhance network security. The challenge is that RADIUS servers have historically been on-prem implementations that are typically ancillary to an on-prem identity management infrastructure. This legacy approach can feel antiquated in the modern era of cloud computing. As a result, many IT organizations have chosen to leverage a web-based RADIUS server instead. How is this possible? Read on for an in-depth explanation, but let’s start with the basics.
What is RADIUS?
The Remote Authentication Dial-In User Service, otherwise known as RADIUS, is a network authentication protocol that is used to manage user access to remote networks. When paired with a core identity provider (a.k.a., a directory services platform), RADIUS offers centralized authentication, authorization, and accounting for requests sent over a network. The key advantage with RADIUS authentication is that IT can leverage core user identities to manage access to a RADIUS-protected network on an individual basis. In doing so, IT can ensure that only the correct users can access the RADIUS-enabled network.
What is a RADIUS Server and How Does it Work?
A RADIUS server is essentially a server that is dedicated to RADIUS authentication. RADIUS authentication follows the client/server model. In this model, the client is any RADIUS-enabled networking device, and the server is the RADIUS server.
As previously mentioned, RADIUS servers are typically adjunct to a core directory database (a.k.a., an identity provider). This enables the RADIUS server to leverage the core directory database as the source of truth for authenticating user identities. At a high level, when a user attempts to access a RADIUS-protected network, they are challenged to provide the username and password that are associated with their core user identity (which is stored in the core directory database). Upon submission, the user credentials are routed from the client to a RADIUS-enabled WAP or switch via a supplicant, then on to the RADIUS server for authentication. Once it receives them, the RADIUS server authenticates the user credentials against the core directory database.
Essentially, if the credentials submitted by the user attempting to (Read more...)
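The exchange described above, sketched as an added example that is not part of the original post: the WAP or switch builds an Access-Request, and the server checks it against a directory and signs its reply. It assumes the plain User-Password attribute from RFC 2865 rather than the EAP methods a supplicant normally uses; the function names, the shared secret and the dict standing in for the directory are constructed for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # RFC 2865 attribute types

def hide(data, secret, req_auth, reverse=False):
    """User-Password hiding: XOR each 16-byte block with MD5(secret + previous)."""
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], pad))
        prev = data[i:i + 16] if reverse else block  # always chain on the hidden block
        out += block
    return out

def build_access_request(ident, user, password, secret):
    """RADIUS client (the WAP or switch): wrap the submitted credentials."""
    req_auth = os.urandom(16)                             # Request Authenticator
    name, pw = user.encode(), password.encode()
    pw = pw.ljust(max(16, -(-len(pw) // 16) * 16), b"\x00")  # pad to 16-byte blocks
    attrs = bytes([USER_NAME, 2 + len(name)]) + name
    attrs += bytes([USER_PASSWORD, 2 + len(pw)]) + hide(pw, secret, req_auth)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def handle_access_request(packet, secret, directory):
    """RADIUS server: recover the credentials and check them against the directory."""
    _, ident, length = struct.unpack("!BBH", packet[:4])
    req_auth, attrs, pos = packet[4:20], {}, 20
    while pos + 2 <= length:                              # walk type-length-value attributes
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2:
            raise ValueError("malformed attribute")
        attrs[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    user = attrs[USER_NAME].decode()
    pw = hide(attrs[USER_PASSWORD], secret, req_auth, reverse=True).rstrip(b"\x00")
    # `directory` is a constructed dict standing in for the core directory lookup.
    ok = user in directory and hmac.compare_digest(directory[user].encode(), pw)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # The Response Authenticator binds the reply to this request and the shared secret.
    return header + hashlib.md5(header + req_auth + secret).digest()

def verify_reply(reply, request, secret):
    """Client: return the reply code, or None if the authenticator does not verify."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return reply[0] if hmac.compare_digest(expected, reply[4:20]) else None
```

On this hop the password is protected only by MD5 keyed with the shared secret, so the secret configured between the WAP or switch and the RADIUS server should be long and random.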
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Vince Lujan. Read the original post at: https://jumpcloud.com/blog/web-based-radius-server/