As part of its role as a centralized authentication server, the RADIUS server can also be used to perform accounting tasks. By centralizing password management, a RADIUS server enables a network’s level of security to increase dramatically.
RADIUS hardware and software are sold by various vendors. Hence, users must exercise caution when selecting the products they intend to use in their systems.
Most wireless infrastructures use the 802.1X authentication scheme to remain secure. This gives users control of the authentication credentials and lets them track or account for usage of the wireless LAN. If users have to set up everything themselves, this can become a very complicated endeavor, and that is when an important aspect is often overlooked – the security of the RADIUS server itself.
The RADIUS server is the key to the entire operation, so neglecting it can be detrimental. It is the RADIUS server that controls access within a given network, and it also supplies the keys used to encrypt a particular station’s traffic.
The system that hosts the RADIUS server must first be secured. Users can use various techniques to this end, but the most basic approach is to dedicate a single server to this task. Doing so limits the exposure of the RADIUS server and helps prevent a vulnerability in another service from compromising it.
Users must restrict the communication that goes through the RADIUS server. Before operation, the RADIUS server must be authenticated with the backend and the NAS (Network Access Servers). To increase security within the network, users can opt to enforce firewall rules, which limit the number of systems that can communicate with the RADIUS server.
Aside from the RADIUS server, the authentication backend and the APs must also be protected using encryption.
The RADIUS shared secret is very important. It is used by the RADIUS server and the NAS devices to secure the traffic between them. Users can also add an extra layer of defense between the server and the APs by using IPsec. If not, then it is best to have a unique shared secret for each AP. Also, when deciding on a shared secret, make sure to choose a strong one, so try including numbers, letters, or symbols. And if your RADIUS server allows a maximum length, make the secret that long.
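
One way to check the shared-secret advice above against a client list, as an added example that is not part of the original article. It assumes a FreeRADIUS-style `clients.conf` layout; the AP names, addresses, secrets and the `max_len` value of 32 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in FreeRADIUS clients.conf style (assumed format, not from the article).
SAMPLE = """
client ap-lobby {
    ipaddr = 10.0.10.11
    secret = radius123
}
client ap-floor2 {
    ipaddr = 10.0.10.12
    secret = radius123
}
client ap-lab {
    ipaddr = 10.0.10.13
    secret = kT7%vQ2m!Zp9xL4c@Wd8Rf3^Ns6Hb1Yu
}
"""

CLIENT_RE = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)
SECRET_RE = re.compile(r"^\s*secret\s*=\s*(\S+)", re.M)

def parse_clients(text):
    """Return {client_name: shared_secret} for every client block that sets one."""
    found = ((n, SECRET_RE.search(b)) for n, b in CLIENT_RE.findall(text))
    return {n: m.group(1) for n, m in found if m}

def audit(text, max_len=32):
    """Return sorted (client, problem) pairs; max_len is the assumed server limit."""
    clients = parse_clients(text)
    users = defaultdict(list)          # secret -> clients that use it
    for name, secret in clients.items():
        users[secret].append(name)
    findings = []
    for name, secret in clients.items():
        if len(users[secret]) > 1:
            findings.append((name, "secret shared with another AP"))
        if len(secret) < max_len:
            findings.append((name, f"shorter than max length {max_len}"))
        classes = [any(c.isdigit() for c in secret), any(c.isalpha() for c in secret),
                   any(not c.isalnum() for c in secret)]
        if sum(classes) < 2:           # only numbers, only letters, or only symbols
            findings.append((name, "only one character class"))
    return sorted(findings)

if __name__ == "__main__":
    for name, problem in audit(SAMPLE):
        print(f"{name}: {problem}")
```

Set `max_len` to the limit your own RADIUS server documents before relying on the length finding.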