FreeRADIUS: Acing a secure connection

Secure access to network resources requires a few "A's," -- authentication, authorization and accounting, often referred to as a "triple A." Authentication is accomplished with identity credentials, such as passwords, tokens,

    Requires Free Membership to View

    Login

or digital certificates. Authorization provides specific services, and accounting tracks the use of network resources by users. To manage this centrally, SMBs and large organizations alike use software that supports the Remote Authentication Dial-In User Service (RADIUS) protocol.

Despite the "dial-in" portion of its name, RADIUS has moved well beyond dial-in to become a staple for secure wireless authentication for Linux and Windows networks. RADIUS provides corporations with a central database that is shared among remote servers. User profiles are maintained on this database, and can be distributed to enterprise servers for authentication lookups. This simplifies administration and improves security, because user access policies can be managed at a single logical point in the network.

For more information:
In this Q&A, Mike Chapple discusses some key components that will protect your wireless network from spyware, and other malicious code.

Learn what critical issues need to be addressed when determining if a database is hosted on a secure platform.

Application security pro Michael Cobb explains how to secure sensitive Web site data that is sent across the Internet.
Yet there's a way to make a good thing even better. FreeRADIUS is the premiere version of RADIUS, an open source RADIUS server licensed under General Public License (GNU) version 2. It supports the authentication, authorization and accounting needs of sites with 10 users to tens of thousands of users, and it can also be found in carrier-class deployments with millions of users.

FreeRADIUS provides support for SQL, LDAP, RADIUS proxying, failover and load balancing. It also has connectors for many types of back-end databases. On the client side, it performs authentications via the PAP, CHAP, MS-CHAP, EAP-MD5, EAP-GTC, EAP-TLS, EAP-TTLS, PEAPv0, LEAP, EAP-SIM and digest authentication protocols. With its ability to proxy, support for pluggable authentication modules and Linux virtual servers, FreeRADIUS rivals and exceeds capabilities found in commercial products, such as Cisco ACS and Microsoft IAS.

The FreeRADIUS server is bundled with enterprise Linux packages, such Red Hat Linux, making installation as easy as checking a box. It is also available via most popular Linux repositories, which can install it simply by clicking on an install button. It's also easy to administer, using a customizable PHP-based Web-based user administration tool. For those who only run Windows, there is also a Win32 distribution based on the FreeRADIUS source.

FreeRADIUS offers a high level of performance and availability for the three As across heterogeneous networks. It is modular, extensible, and is extremely well supported. You would be hard-pressed to find a better infrastructure product at any price.

About the author:
Scott Sidel is an ISSO with Lockheed Martin.

This was first published in November 2007

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

    Back to top