FreeRADIUS: Acing a secure connection

• Scott Sidel
• Published: 15 Nov 2007

Secure access to network resources requires a few "A's," -- authentication, authorization and accounting, often referred to as a "triple A." Authentication is accomplished with identity credentials, such as passwords, tokens, or digital certificates. Authorization provides specific services, and accounting tracks the use of network resources by users. To manage this centrally, SMBs and large organizations alike use software that supports the Remote Authentication Dial-In User Service (RADIUS) protocol.

Despite the "dial-in" portion of its name, RADIUS has moved well beyond dial-in to become a staple for secure wireless authentication for Linux and Windows networks. RADIUS provides corporations with a central database that is shared among remote servers. User profiles are maintained on this database, and can be distributed to enterprise servers for authentication lookups. This simplifies administration and improves security, because user access policies can be managed at a single logical point in the network.

For more information: In this Q&A, Mike Chapple discusses some key components that will protect your wireless network from spyware, and other malicious code. Learn what critical issues need to be addressed when determining if a database is hosted on a secure platform. Application security pro Michael Cobb explains how to secure sensitive Web site data that is sent across the Internet.

FreeRADIUS provides support for SQL, LDAP, RADIUS proxying, failover and load balancing. It also has connectors for many types of back-end databases. On the client side, it performs authentications via the PAP, CHAP, MS-CHAP, EAP-MD5, EAP-GTC, EAP-TLS, EAP-TTLS, PEAPv0, LEAP, EAP-SIM and digest authentication protocols. With its ability to proxy, support for pluggable authentication modules and Linux virtual servers, FreeRADIUS rivals and exceeds capabilities found in commercial products, such as Cisco ACS and Microsoft IAS.

The FreeRADIUS server is bundled with enterprise Linux packages, such Red Hat Linux, making installation as easy as checking a box. It is also available via most popular Linux repositories, which can install it simply by clicking on an install button. It's also easy to administer, using a customizable PHP-based Web-based user administration tool. For those who only run Windows, there is also a Win32 distribution based on the FreeRADIUS source.

FreeRADIUS offers a high level of performance and availability for the three As across heterogeneous networks. It is modular, extensible, and is extremely well supported. You would be hard-pressed to find a better infrastructure product at any price.

About the author:
Scott Sidel is an ISSO with Lockheed Martin.