Network authentication has evolved in lockstep with the development of software over the years. The networking protocols considered secure just a few years back have not withstood the test of time. This has resulted in a massive spike in cases of cyber-attacks, including the dangerous Man-in-the-Middle Attacks.
Today, only organizations that have modernized their networking protocols are secure, especially those using outdated passwords or credential-based protection. Thus network admins need to implement robust network access control solutions for their organization. Any modern NAC solution uses the RADIUS protocol to authenticate users by comparing their credentials or certificates with a centralized directory of real-time users or devices.
What is a RADIUS Server?
Remote Authentication Dial-In User Service, popularly known as RADIUS, was first introduced by Livingston Enterprises in 1991. It provided a reliable and secure alternative to dial-in services used back then.RADIUS is the client-server networking protocol that enables the network access servers (NAS) to communicate with centralized servers for authenticating dial-in users or devices.
Today, RADIUS acts as a centralized authentication and accounting server point for distributed users in a network. The IETF (Internet Engineering Task Force) has also recognized it since the early 2000s. The RADIUS server is an integral component of WPA2-Enterprise and follows the AAA protocols, which stand for Authentication, Authorization, and Accounting in networking.
Here we will compare the two major players in the RADIUS market, Foxpass, and Jumpcloud, and help you choose a solution that best suits your authentication security needs.
Comparing Foxpass and Jumpcloud
Foxpass helps organizations improve their network security with its SaaS-based SSH key-management, LDAP, and RADIUS products. Its RADIUS allows developers to access specific machines by configuring host groups with definite rules, making it easier to provide user logins to Linux machines, VPN connections, and WiFi networks.
Jumpcloud utilizes a shared directory in the cloud to authorize, authenticate and manage various users, devices, and applications instead of on-premises IT infrastructure. Its RADIUS-as-a-Service (RaaS) provides pre-built, pre-configured, scalable, and managed RADIUS servers. Jumpcloud’s RaaS complements its directory by providing additional control to authenticate users and devices.
Let’s compare the different features of their RADIUS services to see where the difference lies.
Authentication Security
For robust wifi authentication, organizations usually rely on 802.1X, an IEEE Standard for Port-Based Network Access Control (PNAC). The standard authentication protocol used in 802.1X in encrypted networks is Extensible Authentication Protocol (EAP). The EAP protocol is a point-to-point (P2P) authentication framework that enhances the security of the network server with its encrypted tunnel.
Currently, there are over 40 methods for authentication under the EAP protocol, but the most common methods used in modern wireless networking are :
- EAP-TLS
- PEAP-MSCHAPV2
- EAP-TTLS/PAP
These protocols have varying levels of security, as illustrated in the table below:
Foxpass Authentication Security
Foxpass services typically employ EAP-TTLS/PAP for authentication protection. It is an outdated protocol that does not use encryption for user authentication and transmits credentials as plain text, making them highly susceptible to cyber-attacks.
Foxpass also supports the PEAP-MSCHAPV2 protocol, which heavily depends on credentials and has known vulnerabilities. PEAP uses a modified TLS handshake and MSCHAPV2 for comparing credentials.
Surprisingly, Foxpass does not support EAP-TLS protocol in its primary RADIUS but only in its “Advanced RADIUS” solution, an add-on feature. EAP-TLS is not dependent on credentials and is considered the most secure authentication protocol for 802.1x networks by admins. It is usually deployed on WPA2-Enterprise networks to enable X.509 digital certificates for authentication. It also provides the best user experience, eliminating the necessity to remember complex passwords.
Jumpcloud Authentication Security
Jumpcloud mainly uses EAP-TTLS/PAP and PEAP-MSCHAPv2 authentication methods to protect users’ credentials. It also provides dual client support of UDP(User Datagram Protocol) and TCP (Transmission Control Protocol) for reliable and compatible authentications.
Using credentials for authentication has many disadvantages compared to digital certificates.
Passwords provide a single layer of weaker security than the multi-layered security of certificates. The password-changing policies also provide a loophole in the system by providing a suitable environment for cyber attacks. These attacks can cause severe data breaches involving losing an organization’s sensitive data over the air.
Digital Certificates
Digital certificates eliminate the need for credentials and provide a secure way of authentication. It uses public-private key encryption for communication over the air, adding an extra degree of cryptographic protection to the server. While network admins recognize the potential of these certificates, there are misconceptions about the technical expertise required to install these certificates.
Both Foxpass and Jumpcloud are great alternatives for credential-based protection. Still, there is a need for comprehensive onboarding software that provides a one-stop solution to certificate-driven security when installing these certificates. SecureW2’s JoinNow Suite provides customizable and adaptable onboarding clients that set up Wi-Fi, VPN, Web, and SSL Inspection security devices.
Customer Service
Both Foxpass and Jumpcloud are superior services, consistently rated highly by their customers. According to customer reviews from G2, Foxpass rates 4.8/5 stars while JumpCloud isn’t far behind with 4.6/5 stars. Similarly, on Capterra, Foxpass has been rated 4.8/5, while Jumpcloud rates 4.7/5 stars. It’s worth noting that Jumpcloud has a more established presence and often has the number of reviews that Foxpass has.
Let’s evaluate these reviews based on the different features to understand various end-users experiences.
Foxpass User Experience
While Foxpass covers all the market segments, the reviews by the platforms as mentioned above suggest mid-market enterprises comprise the largest share of customers. Foxpass allows users to define their own rules for multiple operating systems using pre-configured LDAP protocol and enables users to use the same Foxpass credentials for Wifi or LAN network.
Most customers felt that implementing LDAP and RADIUS services was hassle-free with Google Workspacess and other similar applications. They were also satisfied with customer support’s response and felt Foxpass eased the entire authentication process. Customers felt the Foxpass integrated well with different SaaS directories.
Some customers had issues with stability latency and timing out of software on logins. A few customers consider the UI and UX flow of Foxpass a bit sluggish, and others felt LDAP resources on the portal were a bit slow. Users report that documentation around OTP and MFA is not very specific and organized. As the authentication primarily depends on the passwords, some users complained of technical glitches during the password change.
Jumpcloud User Experience
While Jumpcloud also covers the entire market segment, the same reviews suggested the inclination of its market share towards small-business to mid-market. It also targets educational institutions, non-profit organizations, and government agencies as their potential customers.
Jumpcloud is more suited for small enterprises having fewer employees as their budget permits them to maintain their database on the cloud only. It provides SSO, LDAP, Radius, and MFA on the same platform, which many customers appreciate. Along with smooth integration with different MDM vendors, Jumpcloud RaaS complements other directories. Customers have also applauded its device policies and Wifi management. The technical support is very cooperative, especially for small organizations that can’t afford dedicated IT support.
Jumpcloud supports some innovative MDM features, but they are over-dependent on the operating systems and credentials. To provide better device immunity, some users suggested using innovative authentication methods for its RaaS, such as PUSH-MFA or QR codes. There are also some naming issues with the VLAN assignment in its RaaS services, and some users felt its directory services could not act as a complete replacement for AD(Active Directory). Some users felt the password reset policies and manually entering passwords to be cumbersome, like Foxpass.
The Best RADIUS Service
Both Foxpass and Jumpcloud are pioneers in the networking arena and offer dependable RADIUS services. However, the authentication protocols adopted by their RADIUS servers are heavily dependent on credentials that a capable cyber-criminal or hackers could easily exploit. SecureW2 offers a wide range of turnkey Managed PKI solution that eliminates the drawbacks of credentials and provide seamless onboarding to certificate-driven security.
The Cloud RADIUS offered by SecureW2 provides all the pros of these two RADIUS services with additional capacity to deploy certificate-based 802.1x network authentication, the gold standard in network authentication. It utilizes SecureW2’s turnkey PKI to easily enroll and configure any device for certificates. Here’s our budget-friendly pricing and a one-stop gateway for your secure network authentication solutions.
