Want to learn the best practice for configuring Chromebooks with 802.1X authentication?

Sign up for a Webinar!

Configuring FreeRADIUS for EAP-TLS Authentication

FreeRADIUS is one of the most widely used RADIUS authentication providers, with customers ranging from top enterprises to universities. While FreeRADIUS is certainly an effective authentication tool, cybersecurity hinges on the strength of the entire security network. Security conscious organizations will look to pair FreeRADIUS with WPA2-Enterprise onboarding software to ensure end users are configured properly for secure network access, and enabling certificate-based authentication can take network security to the next level.

Advantages of FreeRADIUS

As an Open Source RADIUS server, FreeRADIUS offers a number of advantages not matched elsewhere in the market. From an authentication security standpoint, FreeRADIUS supports a wide array of authentication methods and protocols. It’s a versatile server that can authenticate certificates, credentials, and a number of Multi-Factor Authentication methods. We can summarize the main advantages of FreeRADIUS into 4 points:

  1. It’s the most popular RADIUS server in the world for a reason; It works like a charm.
  2. It is a no cost solution and it’s Open Source.
  3. It’s multi-threaded, so it can process more than one transaction at a time.

There are no license expenses, meaning that it costs the same to authenticate one device as it does hundreds.

FreeRADIUS is also designed to seamlessly integrate into your network and fulfill the particular functions your organization requires of a RADIUS server. It can be continually updated to match the scale an organization grows over time and accommodate a shifting technology market by authenticating and integrating new devices and network infrastructure.

Plus, did we say it was Open Source? Because FreeRADIUS is free, it’s significantly more cost effective to set up and maintain than many other RADIUS servers. Many other RADIUS providers cost a fortune for licenses and support. The creators of FreeRADIUS offer reasonable support and setup consultation through their company Network RADIUS. Even with paid support and setup, FreeRADIUS is quite often the most cost effective solution.

Secure FreeRADIUS Authentication with EAP-TLS

One of the first questions to be answered when configuring FreeRADIUS is how will users authenticate to the wireless network? In the modern cybersecurity arena, there are two main competitors: credentials and certificates.

Credentials are what everyone is used to. Unfortunately, credentials are severely outdated and woefully ill-equipped to protect against modern cybersecurity threats. They can be easily stolen through brute force attacks, or shared with unknown entities, rendering much of your external security useless. Like most other decades old technology, passwords simply don’t stand up to modern standards.

On the other hand, certificates are a powerful security tool designed to thwart a number of outside attacks. The EAP-TLS authentication process for certificates utilizes public key cryptography to ensure only approved network users are able to gain network access. And the EAP tunnel protects information traveling over-the-air from outside attacks.

Additionally, certificates can be configured so they cannot be lost or stolen, adding to the hands-free nature of the certificate user experience. Users that authenticate with certificates don’t have to frequently update due to a password reset policy, and they don’t have to manually authenticate themselves each time they want network access.

Security and the user experience are often the top two criteria for cybersecurity technologies, and certificates far surpass credentials in both cases.

Powerful FreeRADIUS with SecureW2

SecureW2’s certificate solutions are built to integrate with FreeRADIUS and any other network infrastructure from major vendors. With SecureW2, you get a turnkey solution that goes hand-in-hand with FreeRADIUS to enable EAP-TLS. Along with certificates, we provide everything your organization needs to launch a powerful, certificate-based network.

Our turnkey PKI solution is easy to configure and provides efficient access to all the certificates that will be needed on the network. Network management is facilitated by the management portal, which provides the ability to easily segment network users, view authentication events, and remote troubleshoot any issues that may arise.

The JoinNow onboarding solution was created for network users of any technological literacy level to be able to complete. The process of equipping a device with a certificate takes mere minutes and a few clicks. Any BYOD or managed device can be fixed with a certificate to authenticate to wireless networks, web applications, VPN, and more. Combined with our API Gateways that enable MDM managed devices to auto-enroll themselves for certificates, organizations have everything they need to configure devices for ultra secure EAP-TLS authentication.

Cybersecurity relies on every part working in concert towards the goal of protecting the network, users, and data. Protecting the authentication process is among the simplest actions you can take to thwart outside attacks. Check out SecureW2’s pricing page to see if our certificate solutions are right to authenticate to your FreeRADIUS.

Learn about this author

Eytan Raphaely

Eytan Raphaely is a digital marketing professional with a true passion for writing things that he thinks are really funny, that other people think are mildly funny. Eytan is a graduate of University of Washington where he studied digital marketing. Eytan has diverse writing experience, including studios and marketing consulting companies, digital comedy media companies, and more.

Configuring FreeRADIUS for EAP-TLS Authentication