MS-CHAP is dead MS-CHAP has been in use since 1998. It was Microsoft's answer to the challenge of authenticating users over networks, built into every version of Windows and deeply embedded in VPN and Wi-Fi infrastru... Network Security Protocols
Command line testing for EAP with FreeRADIUS As part of the process of configuring EAP for FreeRADIUS , you will need to test whether or not it works. If you prefer to use a command line tool rather than clicking through windows, this article wa... FreeRADIUS Technical Guides
My FreeRADIUS server is slow. What's wrong? If you are encountering performance issues with FreeRADIUS, the first thought is usually to blame FreeRADIUS. In fact, it’s always the database which is the source of a system slowdown . Well, maybe n... FreeRADIUS Technical Guides
RADIUS security best practices: How to harden your deployment RADIUS has several well-known security limitations, most of which are easy to mitigate once you know what to do. This guide walks through five common weaknesses in the RADIUS protocol and the practica... IETF and RADIUS Standards
Exposed: National Public Data breach makes a nation’s secrets public The hacking of 270 million social security numbers from National Public Data reinforces the best practice for personal data: always encrypt PII. The cat is out of the bag for National Public Data. In ... Security Threats and Vulnerabilities
Three Reasons to Protect Your Network Against BlastRADIUS There are mixed feelings in the security community about the urgency to protect networks from the BlastRADIUS vulnerability. Why fix a 30-year-old design flaw that can only be exploited by someone alr... Security Threats and Vulnerabilities
How to customize an OEM instance of FreeRADIUS As the most popular RADIUS server in the world, FreeRADIUS is used by many hardware vendors. They ship their products with FreeRADIUS as an embedded or “OEM” product. It is common for them to need som... FreeRADIUS Technical Guides
RADIUS password compatibility This article covers password storage compatibility for RADIUS deployments. You'll findan overview of how the RADIUS protocol works here. In order for RADIUS authentication to work, user passwords need... Network Security Protocols
How authentication protocols work Choosing an authentication protocol is one of the most important decisions when designing a RADIUS ecosystem. There are a variety of authentication protocols to choose from, each with their own set of... Network Security Protocols
PAP vs CHAP: A complete security comparison PAP and CHAP are both RADIUS authentication protocols, but they trade off security in opposite places. PAP transmits passwords between the customer and the NAS in the clear, while allowing passwords t... Network Security Protocols
Is PAP secure? A complete analysis of PAP authentication security PAP is secure when used correctly. Despite the common claim that PAP sends passwords in clear text, in practice PAP passwords are encrypted by the RADIUS shared secret before transmission, and can be ... Network Security Protocols