The problem with RADIUS in the cloud The promise of cloud-hosted infrastructure sounds tempting. Someone else manages yourdatabase, you pay only for what you need, you may have better data security, and the database can scale up with you... Network Security Best Practices
Email addresses are primary user identifiers? There is a lot of advice out there that email addresses are not identifiers . Even Internet2 has a document explaining why email is not an appropriate user identifier . What does this mean for RADIUS,... Network Security Best Practices
IETF Bangkok 122 recap: What we're doing to advance RADIUS standards I've recently returned from IETF Bangkok, the Internet Engineering Task Force (IETF) 122 meeting, where I spent a week working with implementers, operators, and standards authors who are defining the ... Network Security Protocols
Using FreeRADIUS with FIPS mode on compliant systems In order to create more secure systems, standards such as Federal Information Processing Standard 140-2 ( FIPS-140) are being more widely used. The FIPS standard provides for limits on which cryptogra... Network Security Protocols
Announcing SRADIUS RADIUS has used MD5 for security for almost thirty years. It is time to use a modern alternative: SRADIUS! We just released an Internet-Draft which defines “Secure RADIUS”, or “SRADIUS”. We also have ... Network Security Protocols
Introducing RADIUS 1.1 RADIUS has a problem. The name of the problem is MD5. The MD5 hash algorithm was defined in 1991, and was used in RADIUS in 1993. However, MD5 is no longer secure. It is a bit of a miracle that RADIUS... Network Security Best Practices Network Security Protocols
Looking Forward to IETF 122 We have been involved in the Internet Engineering Task Force (IETF) for a few decades now. During that time, we have written many of the RADIUS standards. We are still involved in the standards proces... Network Security Protocols
Making RADIUS More Secure As we’ve previously discussed, there are several insecure elements in RADIUS. We are currently working in the IETF (Internet Engineering Task Force) to close those gaps and improve security for everyo... Network Security Protocols
RADIUS protocol and password compatibility In order for RADIUS authentication to work, user passwords need to be stored in a format that is understood by the authentication protocol used by the client. Unfortunately, not all protocols work wit... Network Security Best Practices Network Security Protocols
How authentication protocols work Choosing an authentication protocol is one of the most important decisions when designing a RADIUS ecosystem. There are a variety of authentication protocols to choose from, each with their own set of... Network Security Protocols
Is PAP secure? A common misconception is that PAP is less secure than other authentication protocols such as CHAP, MS-CHAP, or EAP-MSCHAP(v2). This perception arises because of a misunderstanding of how PAP is actua... Network Security Best Practices Network Security Protocols
MS-CHAP is dead While MS-CHAP has been used since 1998, it uses DES encryption which was deprecated in 2002. Attacks on MS-CHAP itself have been known since 2006, and those attacks have only gotten better over time. ... Network Security Best Practices Network Security Protocols