Problem solve Get help with specific problems with your technologies, process and projects.

FreeRADIUS: Acing a secure connection

Authentication, authorization and accounting are all essential components of achieving secure access to network resources, and according to contributor Scott Sidel, there is a tool available that can not only provide corporations with all three of these elements, but is also easy to install and administer. In this tip, Sidel examines FreeRADIUS, an open source RADIUS server that can help corporations easily secure network access without bursting corporate budget.

Secure access to network resources requires a few "A's," -- authentication, authorization and accounting, often referred to as a "triple A." Authentication is accomplished with identity credentials, such as passwords, tokens, or digital certificates. Authorization provides specific services, and accounting tracks the use of network resources by users. To manage this centrally, SMBs and large organizations alike use software that supports the Remote Authentication Dial-In User Service (RADIUS) protocol.

Despite the "dial-in" portion of its name, RADIUS has moved well beyond dial-in to become a staple for secure wireless authentication for Linux and Windows networks. RADIUS provides corporations with a central database that is shared among remote servers. User profiles are maintained on this database, and can be distributed to enterprise servers for authentication lookups. This simplifies administration and improves security, because user access policies can be managed at a single logical point in the network.

For more information:
In this Q&A, Mike Chapple discusses some key components that will protect your wireless network from spyware, and other malicious code.

Learn what critical issues need to be addressed when determining if a database is hosted on a secure platform.

Application security pro Michael Cobb explains how to secure sensitive Web site data that is sent across the Internet.
Yet there's a way to make a good thing even better. FreeRADIUS is the premiere version of RADIUS, an open source RADIUS server licensed under General Public License (GNU) version 2. It supports the authentication, authorization and accounting needs of sites with 10 users to tens of thousands of users, and it can also be found in carrier-class deployments with millions of users.

FreeRADIUS provides support for SQL, LDAP, RADIUS proxying, failover and load balancing. It also has connectors for many types of back-end databases. On the client side, it performs authentications via the PAP, CHAP, MS-CHAP, EAP-MD5, EAP-GTC, EAP-TLS, EAP-TTLS, PEAPv0, LEAP, EAP-SIM and digest authentication protocols. With its ability to proxy, support for pluggable authentication modules and Linux virtual servers, FreeRADIUS rivals and exceeds capabilities found in commercial products, such as Cisco ACS and Microsoft IAS.

The FreeRADIUS server is bundled with enterprise Linux packages, such Red Hat Linux, making installation as easy as checking a box. It is also available via most popular Linux repositories, which can install it simply by clicking on an install button. It's also easy to administer, using a customizable PHP-based Web-based user administration tool. For those who only run Windows, there is also a Win32 distribution based on the FreeRADIUS source.

FreeRADIUS offers a high level of performance and availability for the three As across heterogeneous networks. It is modular, extensible, and is extremely well supported. You would be hard-pressed to find a better infrastructure product at any price.

About the author:
Scott Sidel is an ISSO with Lockheed Martin.

This was last published in November 2007

Dig Deeper on Open source security tools and software

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.