Want to learn the best practice for configuring Chromebooks with 802.1X authentication?

Sign up for a Webinar!

3 Security Advantages of a Cloud RADIUS Server

In order to successfully configure a WPA2-Enterprise network you must have a RADIUS server. The RADIUS authorizes and authenticates users signing into the network and eliminates any speculation into who is using your network. A properly configured Cloud RADIUS can garner your organization tremendous advantages in regards to network security.

While many benefits come with using Cloud RADIUS, we’ve compiled a list of three of the biggest advantages.

Prevent Over-the-Air Credential Theft and MITM Attacks

Quote Banner RADIUS and PKI

A common issue that organizations face comes from their network’s vulnerability to over-the-air credential theft. A cybercriminal has numerous attack methods to obtain legitimate credentials and comprise the safety of the entire operation. When using a WPA2-PSK network, devices will blindly send their credentials to any SSID that shares the same name as their Wi-Fi network, putting your organization at serious risk for credential theft.

However, Cloud RADIUS enables 802.1x which encrypts each user’s session uniquely, preventing credential theft and securing private information.

Another advantage of Cloud RADIUS is the user friendly onboarding tools we provide. The #1 rated software integrates Cloud RADIUS with any identity providers (IdP) to authenticate the identities of users, issue the appropriate certificates, and securely configure devices for WPA2-Enterprise.

Cloud RADIUS can also perform an Identity Lookup with any LDAP directory that can confirm a user is still active in the organization at the time of the authentication request. Cloud RADIUS can also perform an Identity Lookup with any SAML directory, including Google, Azure, Okta, etc. which no other RADIUS server can do.

 

Secure VPN Authentication

With the pandemic in full effect, companies are turning to VPNs to allow their staff to continue working from home. With this surge in VPN usage, it is now more important than ever to make sure that VPNs are accessed safely and securely.

A great defensive strategy is using digital certificates to authenticate VPN users. Certificates replace antiquated password-based authentication that can leave a network open for security threats. Certificates encrypt private data and are authenticated with EAP-TLS ensuring that even if a hacker got their hands on one, the information would remain encrypted and safe.

Many VPN users may find it difficult to implement certificates properly, which creates unnecessary security risks. This is due to the fact that Public Key Infrastructure (PKI) has manifold systems that are difficult to navigate.

Luckily, Cloud RADIUS combines with SecureW2’s managed PKI solution that makes changing from passwords to certificates remarkably simple to implement. With SecureW2’s managed PKI, organization’s are able to implement certificate-based VPN access in under an hour. Certificates can easily be distributed to end users using any major operating system and any device, ensuring that even when employees are working from home your network remains safe.

Create Roles and Network Policies

Implementing a Cloud RADIUS Server also allows organization’s to grant access based on a user’s standing within the organization. Any attribute that lies within the IdP can be used to apply network policies.

This can be particularly helpful for keeping your network secure, through the means of Network Segmentation. For example, you could segment your network so that a student could only access a very limited part of your network while a member of the IT Staff could access the entire network. This may sound simple, but it would prevent any malware a student brought in from infecting your Staff resources or devices. Critically important in the case of ransomware.

It can be used to the same effect for VPN access. If you integrate your RADIUS server with your VPN Gateway, you can now use it to dynamically grant different levels of VPN access automatically. With a RADIUS backed VPN, you could use the same certificate for Wi-Fi and VPN access, but create policies so that despite everyone owning a certificate, not every certificate could be used to access resources using the VPN.

Perform Runtime-Level Policy Enforcement

Our own Cloud RADIUS is a “Dynamic” RADIUS server, meaning it’s able to make runtime-level policy decisions based on information stored in the directory. It’s the only Cloud RADIUS in the industry that is able to directly reference cloud IdPs like Azure, Okta, and Google during authentication for purposes of role assignment and user segmentation.

Dynamic Cloud RADIUS is also more secure than the already airtight certificate-based cloud RADIUS because of that additional authentication step. Typically, the RADIUS just checks the Certificate Revocation List to confirm that the client certificate hasn’t been revoked recently, but there’s a small window in which that list isn’t updated and the network could be accessed with a revoked certificate.

In fact, Dynamic Cloud RADIUS reduces reliance on certificate management as a whole. It’s easy to overlook or forget to manually revoke certificates when permissions change, but editing user attributes is easy and the changes propagate throughout the system immediately.

The Dynamic Cloud RADIUS Advantage

Cloud RADIUS can offer organizations an affordable and hassle free way to make sure their network stays safe. While on-prem servers are costly and require on-site maintenance Cloud RADIUS can be managed from anywhere, has just one license, and requires no physical installation.

Cloud RADIUS is also the only Cloud RADIUS server that comes with an easy to use Managed PKI to ensure that your employees credentials aren’t being sent over the air, often un-encrypted.

SecureW2’s CloudRADIUS is available with all of the previously mentioned benefits and the #1 Rated onboarding system in its class. If you’re interested in using Cloud RADIUS on your network, click here to learn more about our pricing options.

Learn about this author

Eytan Raphaely

Eytan Raphaely is a digital marketing professional with a true passion for writing things that he thinks are really funny, that other people think are mildly funny. Eytan is a graduate of University of Washington where he studied digital marketing. Eytan has diverse writing experience, including studios and marketing consulting companies, digital comedy media companies, and more.

3 Security Advantages of a Cloud RADIUS Server