How does RADIUS Authorization work? During the process where the user requests access to the RADIUS server, RADIUS authorization and authentication happen simultaneously. An “authentication request” occurs when the Network Access Server... Network Security Protocols
How one-time passwords work One-time passwords (OTP) and multi-factor authentication (MFA) are important mechanisms used to improve security. Both these strategies can combine the username and password credentials with a one-tim... Network Security Best Practices Network Security Protocols
Is NTLM secure? While Active Directory is widely used, it has still uses insecure protocols such as NTLM. The important question many people ask is “Does turning off NTLM increase security”? The answer is “maybe”, or... Network Security Best Practices Network Security Protocols Security Threats and Vulnerabilities
How to connect FreeRADIUS to Active Directory for authentication Active Directory is widely used in the enterprise and university systems. This article describes how to connect FreeRADIUS with Active Directory, allowing you toauthenticate users against your existin... Network Security Best Practices Network Security Protocols
IETF Bangkok 122 recap: What we're doing to advance RADIUS standards I've recently returned from IETF Bangkok, the Internet Engineering Task Force (IETF) 122 meeting, where I spent a week working with implementers, operators, and standards authors who are defining the ... Network Security Protocols
Using FreeRADIUS with FIPS mode on compliant systems In order to create more secure systems, standards such as Federal Information Processing Standard 140-2 ( FIPS-140) are being more widely used. The FIPS standard provides for limits on which cryptogra... Network Security Protocols
How to set up a wireless RADIUS server for secure Wi-Fi authentication When setting up a Wi-Fi network at home, you typically set up an SSID and password, accept the defaults for any other options, and be done with it. (In some cases, these are done for you by your servi... Network Security Protocols
Separating Authentication from your RADIUS Accounting server Many ISP networks and enterprise environments handle both Authentication and Accounting functions through the same RADIUS servers anddatabases. While this configuration works well for small and low-lo... Network Security Best Practices Network Security Protocols
RADIUS Insecurity RADIUS is almost thirty years old, and uses cryptography based on MD5. Given that MD5 has been broken for over a decade, what are the implications for RADIUS? Why is RADIUS still using MD5? RADIUS sti... Network Security Protocols
Introducing RADIUS 1.1 RADIUS has a problem. The name of the problem is MD5. The MD5 hash algorithm was defined in 1991, and was used in RADIUS in 1993. However, MD5 is no longer secure. It is a bit of a miracle that RADIUS... Network Security Best Practices Network Security Protocols
Looking Forward to IETF 122 We have been involved in the Internet Engineering Task Force (IETF) for a few decades now. During that time, we have written many of the RADIUS standards. We are still involved in the standards proces... Network Security Protocols
Why you should separate historical data from live data Live operational data and historical archive data should be stored in separate databases. The live database stays small and fast for real-time Authentication and Accounting, while the archive database... Network Security Best Practices Network Security Protocols