With an overall move of IT towards cloud-based infrastructure, some are curious if there’s a directory service delivered as-a-Service that they can use to backend RADIUS. RADIUS is one of the most widely used protocols to control access to network and infrastructure.
Many organizations leverage FreeRADIUS as an open source RADIUS server. Regardless of how it’s implemented, RADIUS can be set up as the authentication directory all by itself. Many organizations instead employ a dedicated directory service as the backend source of identities.
Using RADIUS to Lock Down WiFi Access
While RADIUS works with virtually all of your network infrastructure (e.g. switches, routers, VPNs, etc.), let’s focus on one primary use case and benefit: leveraging RADIUS to lock down your WiFi access points.
WiFi is among the most common methods for employees to access the corporate network. One challenge is that a single SSID password for all users, sometimes called a private pre-shared key, is not secure enough.
Organizations need to lock down their networks to keep unauthorized users away from critical data, and the best way to do that is to tie access to individual corporate identities. RADIUS acts as a proxy between a directory of corporate identities and networking equipment, to require a unique identity to access the network.
FreeRADIUS is an open-source installation of RADIUS that can be run on a local server. This makes FreeRADIUS a primary choice for many organizations who want to use RADIUS to secure their WiFi access with little upfront cost.
FreeRADIUS (and RADIUS in general) can also be used to require unique credentials for connections to virtual private networks (VPNs). With recent increases in remote work, securing VPNs for access to office resources is critical to keeping organizational data safe.
Unfortunately, FreeRADIUS can be technically difficult to configure and support as organizations scale. Additionally, organizations need to pay the capital expenses of server hardware (versus smaller operational expenses of an Infrastructure-as-a-Service subscription) to run RADIUS, including building redundancy and failovers.