Tips, tricks and other information about FreeRADIUS and AAA.
In order to create more secure systems, standards such as FIPS-140 2 are being more widely used. The FIPS standard provides for limits on which cryptographic protocols can be used, along with limits on the way that those protocols can be used. The standard also provides a process for validating and certifying software implementations.
The current Covid-19 crisis has created an unprecedented situation for businesses. More people are working remotely than ever before, in order to maintain corporate productivity in the face of this crisis. This remote access applies to Enterprises, Government agencies, Universities, and every other type of business.
Even though clients may prefer to configure their own system, some clients are unsure of how to configure a RADIUS server. Although the process can be complex, clients can learn how to setup a RADIUS server themselves. Alternatively, our team of experts is happy to set up a RADIUS configuration for any business.
We were called in to help our client who had database performance issues with their custom schema and queries. We made updates to the database tables and indices and reconfigured the RADIUS server appropriately. The output meant a 300 times increase in the performance of the original system with no customer application updates required.
RADIUS server installation is more involved than just setting up a few software packages. The default RADIUS products are intended to be the basis for a customized local configuration.
RADIUS accounting collects data for statistical purposes and network monitoring and is also employed to enable accurate billing of users.
During the process where the user requests access to the RADIUS server, RADIUS authorization and authentication happen simultaneously. An “authentication request” occurs when the Network Access Server (NAS) sends a request to the RADIUS server.
RADIUS authentication starts when the user requests access to a network resource through the Remote Access Server (RAS). The user submits a username and a password, which are encrypted by the RADIUS server before being sent through the authentication process. The request may also include additional user information, such as location or network address.
Release packages are available for Debian, Ubuntu and CentOS 7.
These packages are from the official “3.0.19” release, and will track all new versions of FreeRADIUS. The release packages are also integrated into our new Jenkins driven, dockerised, workflow. Packages should be available as soon as a new version has been released.
The benefits of a RADIUS server on the efficiency of an entire network are wide-reaching. Although some businesses are unaware of the advantages of a RADIUS server as opposed to a pre-shared key, others have long benefited from the increased speed of RADIUS servers, as well as their ability to heighten security, to enhance reporting and tracking capabilities, and to personalize restrictions based on the user.
One of our clients with a support contract had performance issues. We tracked this down to inefficient usage of AAA policies. Having tuned the policies the load on our client’s database dropped by a factor of 400 which saved them from an expensive hardware upgrade.
One of our clients had customer-visible issues in their 802.1X deployment. We tracked the problem down to firmware issues and worked with multiple vendors to fix the issues and more. This meant that our client was satisfied that their setup met all requirements.
We believe that standards compliance is critical for customer satisfaction and vendor interoperability. Systems that follow standards have known, documented behavior, so there are few surprises.
We have extensive experience in the WiFi roaming arena, and we are actively involved in vendor forums. Proxying is a key part of most RADIUS infrastructures. We foster relationships with numerous companies that provide roaming and proxying RADIUS help.
Building a RADIUS system that can handle 10 million users takes time. Our experienced team can work with you to design a customized solution using your desired hardware and Operating System to achieve that goal.
A RADIUS server utilizes a central database to authenticate remote users. RADIUS functions as a client-server protocol, authenticating each user with a unique encryption key when access is granted. How a RADIUS server works depends upon the exact nature of the RADIUS ecosystem. Below is an overview of how RADIUS servers work.
A case study on how we redesigned our client’s system to improve the RADIUS server’s database, which had lost performance over time. The database performance was restored, even with ten times the amount of data, and our client did not need to replace any systems.
LDAP databases are typically used by enterprises, though some ISPs also use them. The common implementations are Active Directory and OpenLDAP. We have extensive experience with both.
Undertaking 802.1X setup is a daunting experience for many organizations. There are detailed requirements on end-user PCs, switches, servers, certificates, and more. If any of these requirements are not met, your 802.1X setup will not work.
Most telecommunications companies and internet service providers (ISPs) use SQL databases to store the bulk of their user information. Whether the database is MySQL, Oracle, or PostgreSQL, we can help. We can optimize both the database and its interaction with the RADIUS server.
A case study on how Network RADIUS were able to assist a client to increase the stability of their RADIUS proxy system. We were able to reuse common configuration, maintain existing capabilities and make proxying more robust. A faster failover and more reliable system helped lower ongoing costs and increase revenue.
A case study on how Network RADIUS were able vastly improve the performance of a client’s RADIUS server, enabling them to move the system into production.
RADIUS is the core of our business. We have world-leading experience with the protocol. We can help you with all aspects of Authentication, Authorization, and Accounting.
So you decided that whatever you were using for network security wasn’t getting the job done… either it didn’t scale with the growth in your user base, devices, or network design, or it was hindering your organization’s productivity. Or maybe you suffered a security breach. Whatever the case, you decided to make the jump to RADIUS authentication, and you’ve implemented a RADIUS server.
We have already looked at authentication and authorization. In this third article, we’ll take a look at the accounting process, the process of monitoring and recording a client’s use of the network, and we’ll describe why it’s essential that the RADIUS server monitors user activity on the network.
The first article in our series described the authentication process, whereby the RADIUS server prevents unauthorized users from accessing the system.
In today’s article, we’ll examine the second link in the RADIUS security chain: authorization.
RADIUS security is composed of three components: authentication, authorization, and accounting. These three links in the RADIUS security chain are often referred to by their acronym, “AAA”. The first of these, authentication, is the process that determines whether a client (a person, a device, or a software process) is a legitimate user of the system.
When setting up a WiFi network at home, you typically set up an SSID and password, accept the defaults for any other options, and be done with it. (In some cases, these are done for you by your service provider — you don’t even have to think.) You share the password with family and visitors, and everyone is happy.
Log In