As IT organizations leverage VPNs and WiFi, many are trying to level up their security to access network resources. Traditionally, the necessary physical proximity of users to the network effectively added a second factor to security to the authentication process. But now, with users accessing far flung networks from anywhere in the world, IT admins and DevOps engineers are looking to level up security through RADIUS 2FA (two factor authentication) capabilities.
2FA works by adding a second factor—often a pin or token—that is entered at the time of log in, usually along with a user’s credentials. Of course, the use of 2FA in just about any situation is a positive. While the extra step to authentication may cause end users to complain, the truth is that adding an additional factor to any login dramatically reduces the chances of a breach or identity compromise.
The addition of a second factor for access to networks via VPNs can be game changing. Modern uses of VPNs include connecting users to their production infrastructure and/or development and staging environments in the cloud. These “networks” house some of an organization’s most valuable data and applications, so adding a second factor to the authentication process makes a lot of sense.
Traditional Network Security
Historically, VPNs have preferred to authenticate users leveraging the RADIUS protocol. Usually, IT admins or DevOps engineers backend their VPN infrastructure with a RADIUS server, which bridges authentication to the core identity provider, often Microsoft® Active Directory®.
The challenge with RADIUS has been that there are a number of additional components required to implement, along with extensive configurations, and integration with networking gear and the directory service. Ultimately, with all of these moving parts, a RADIUS infrastructure can be brittle.
RADIUS 2FA Solution
The good news is that as more and more IT management infrastructure moves to the cloud, there is a solution that IT admins can leverage that is a cloud hosted RADIUS server with 2FA capabilities. DevOps engineers and IT admins point their VPN or WiFi network to this virtual RADIUS-as-a-Service, which has an integrated (Read more...)