RADIUS 2FA - Security Boulevard


As IT organizations leverage VPNs and WiFi, many are trying to level up their security to access network resources. Traditionally, the necessary physical proximity of users to the network effectively added a second factor to security to the authentication process. But now, with users accessing far flung networks from anywhere in the world, IT admins and DevOps engineers are looking to level up security through RADIUS 2FA (two factor authentication) capabilities.

Why 2FA?

2FA works by adding a second factor—often a pin or token—that is entered at the time of log in, usually along with a user’s credentials. Of course, the use of 2FA in just about any situation is a positive. While the extra step to authentication may cause end users to complain, the truth is that adding an additional factor to any login dramatically reduces the chances of a breach or identity compromise.

DevOps Experience

The addition of a second factor for access to networks via VPNs can be game changing. Modern uses of VPNs include connecting users to their production infrastructure and/or development and staging environments in the cloud. These “networks” house some of an organization’s most valuable data and applications, so adding a second factor to the authentication process makes a lot of sense.

Traditional Network Security

Historically, VPNs have preferred to authenticate users leveraging the RADIUS protocol. Usually, IT admins or DevOps engineers backend their VPN infrastructure with a RADIUS server, which bridges authentication to the core identity provider, often Microsoft® Active Directory®.

The challenge with RADIUS has been that there are a number of additional components required to implement, along with extensive configurations, and integration with networking gear and the directory service. Ultimately, with all of these moving parts, a RADIUS infrastructure can be brittle.

RADIUS 2FA Solution

The good news is that as more and more IT management infrastructure moves to the cloud, there is a solution that IT admins can leverage that is a cloud hosted RADIUS server with 2FA capabilities. DevOps engineers and IT admins point their VPN or WiFi network to this virtual RADIUS-as-a-Service, which has an integrated (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at: https://jumpcloud.com/blog/radius-2fa

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.

zach-demeyer has 492 posts and counting.See all posts by zach-demeyer