Managing user access to WiFi networks via RADIUS can dramatically increase network security in modern IT organizations. The challenge is that RADIUS implementations have historically been costly and difficult to implement and maintain on-prem. Fortunately, a next-generation cloud directory services platform has emerged to change that by shifting RADIUS authentication to the cloud.
WiFi is an easy target for attackers. One of the best ways to protect your network is to ensure that only the right users have access. How do you do that? Authenticate each user on an individual basis. This is achievable with RADIUS authentication.
RADIUS is typically implemented in conjunction with a core identity provider (IdP), often called a directory services platform, such as Microsoft® Active Directory® (AD) or OpenLDAP™. At a high level, RADIUS works by routing user requests for network access from a client (e.g. a user system, WAP, or switch) to a dedicated RADIUS server for authentication. A user initiates the authentication process when they attempt to access the RADIUS-enabled network, and subsequently enter the credentials that are associated with their core user identity. The RADIUS server then authenticates the user credentials against the core IdP, which acts as the source of truth for verifying user identities.
Essentially, if the credentials submitted by the user match those associated with their core user identity, which is stored in the core directory services database, the user is authenticated and the RADIUS server will authorize access to the RADIUS-protected network. If the credentials do not match, the RADIUS server will prevent the user from accessing the RADIUS-protected network.
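The accept-or-reject exchange described above can be traced at the packet level in the following added example, which is not code from the original post. It uses the RFC 2865 Access-Request with the password-hiding (PAP-style) attribute as a simplification; WiFi deployments normally carry credentials inside EAP over 802.1X instead. `SECRET`, `DIRECTORY` (a stand-in for the core IdP) and all function names are constructed for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                         # RFC 2865 attribute types
SECRET = b"constructed-shared-secret"                   # constructed client/server secret
DIRECTORY = {b"alice": b"correct horse battery staple"} # constructed stand-in for the IdP

def pw_crypt(data, auth, decrypt=False):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous ciphertext block)."""
    if not decrypt:
        data = data.ljust(max(16, -(-len(data) // 16) * 16), b"\x00")
    out, prev = b"", auth
    for i in range(0, len(data), 16):
        block = bytes(a ^ b for a, b in zip(data[i:i+16], hashlib.md5(SECRET + prev).digest()))
        prev = data[i:i+16] if decrypt else block
        out += block
    return out.rstrip(b"\x00") if decrypt else out

def access_request(ident, user, password):
    auth = os.urandom(16)  # Request Authenticator, fresh per request
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in
                     ((USER_NAME, user), (USER_PASSWORD, pw_crypt(password, auth))))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def server_reply(packet):
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    auth, buf, attrs = packet[4:20], packet[20:], {}
    while buf:  # walk the type-length-value attributes
        if len(buf) < 2 or not 2 <= buf[1] <= len(buf):
            raise ValueError("malformed attribute")
        attrs[buf[0]], buf = buf[2:buf[1]], buf[buf[1]:]
    stored = DIRECTORY.get(attrs.get(USER_NAME))  # look the identity up in the "IdP"
    supplied = pw_crypt(attrs.get(USER_PASSWORD, b""), auth, decrypt=True)
    ok = stored is not None and hmac.compare_digest(supplied, stored)
    head = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return head + hashlib.md5(head + auth + SECRET).digest()  # Response Authenticator

def client_verify(request, reply):
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + SECRET).digest()
    if reply[1] != request[1] or not hmac.compare_digest(expected, reply[4:20]):
        raise ValueError("reply fails Response Authenticator check")
    return reply[0]

def login(user, password):
    request = access_request(1, user, password)
    return client_verify(request, server_reply(request))
```

The Response Authenticator check is what stops a client from trusting an Access-Accept that did not come from a server holding the shared secret.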
Historically, the challenge for IT organizations has been that RADIUS infrastructure typically had to be built on-prem and maintained by skilled personnel. IT organizations needed to procure dedicated servers, switches, cables, and more. IT also had to configure all of the systems and network infrastructure in their environment to point to the RADIUS server, and maintain the entire identity management infrastructure somewhere on-prem.
This can be a huge obstacle for newer, cloud-forward organizations. Even if you have the existing on-prem (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Vince Lujan. Read the original post at: https://jumpcloud.com/blog/wifi/wifi-networks-via-radius/