Importing the root CA The final step to configuring EAP for FreeRADIUS is to add the CA (Certificate Authority) to every client machine tha t performs EAP authentication. Before proceeding with this step, make sure that yo... Network Security Best Practices
Can you use FreeRADIUS and Active Directory together? The short answer is Yes, FreeRADIUS and Active Directory arecompatible with each other . However, there are some constraints and implications for the rest of the system. Like any technology choice, Ac... Network Security Best Practices Network Security Protocols
Configuring FreeRADIUS authentication with PAP (Password Authentication Protocol) Introduction to PAP authentication Password Authentication Protocol (PAP) is one of the most fundamental authentication methods used in Remote Authentication Dial-In User Service (RADIUS). Despite bei... Network Security Best Practices Network Security Protocols
Configuring EAP for FreeRADIUS Once FreeRADIUS has been configured to use PAP , it is straightforward to configure the server to use EAP for authentication. This article will walk through all the necessary steps. Step 1: Install Op... Network Security Best Practices
Command line testing for EAP with FreeRADIUS As part of the process of configuring EAP for FreeRADIUS , you will need to test whether or not it works. If you prefer to use a command line tool rather than clicking through windows, this article wa... Network Security Best Practices
How one-time passwords work One-time passwords (OTP) and multi-factor authentication (MFA) are important mechanisms used to improve security. Both these strategies can combine the username and password credentials with a one-tim... Network Security Best Practices Network Security Protocols
How to connect FreeRADIUS to Active Directory for authentication Active Directory is widely used in the enterprise and university systems. This article describes how to connect FreeRADIUS with Active Directory, allowing you toauthenticate users against your existin... Network Security Best Practices Network Security Protocols
Making RADIUS More Secure As we’ve previously discussed, there are several insecure elements in RADIUS. We are currently working in the IETF (Internet Engineering Task Force) to close those gaps and improve security for everyo... Network Security Protocols
RADIUS protocol and password compatibility In order for RADIUS authentication to work, user passwords need to be stored in a format that is understood by the authentication protocol used by the client. Unfortunately, not all protocols work wit... Network Security Best Practices Network Security Protocols
How authentication protocols work Choosing an authentication protocol is one of the most important decisions when designing a RADIUS ecosystem. There are a variety of authentication protocols to choose from, each with their own set of... Network Security Protocols
Is PAP secure? A common misconception is that PAP is less secure than other authentication protocols such as CHAP, MS-CHAP, or EAP-MSCHAP(v2). This perception arises because of a misunderstanding of how PAP is actua... Network Security Best Practices Network Security Protocols
MS-CHAP is dead While MS-CHAP has been used since 1998, it uses DES encryption which was deprecated in 2002. Attacks on MS-CHAP itself have been known since 2006, and those attacks have only gotten better over time. ... Network Security Best Practices Network Security Protocols