Wireless technology has come a long way since it was first developed. With time, the list of devices that support wireless technology in one form or another has grown tenfold. The ‘smartness’ of the smart devices commonly available today is partly due to their support for wireless technology in some way, be it charging, data transfer, or pairing with other devices.
The magic behind all the different forms of wireless technology lies not only in the hardware but also in the computer networking and telecommunication protocols. The synthesis of intelligent hardware and efficient networking and communication protocols drives the campaign for a completely wireless future. There are plenty of protocols that, although old, are in effect even today and continue to inspire more robust protocols, like the RADIUS protocol.
The RADIUS server protocol is employed for different use-cases. One of the most popular of such use-cases is for WiFi authentication. This article explains the inner workings of the RADIUS protocol and presents several advantages of using it for authenticating WiFi connections. It also explores other possible protocols and gives a picture of what they offer.
The What & How of the RADIUS Protocol
RADIUS is an authentication, accounting, and authorization protocol developed by an American networking equipment manufacturer in the late nineties. It is a centralized system that fulfills all its responsibilities through a single system that employs a database. It is based on the User Datagram Protocol (UDP), which it uses to communicate with other devices on the network.
Authentication and authorization on the RADIUS server happen through the same process. The protocol involves a designated RADIUS server receiving client requests and sending a service’s configuration information after authentication. The information is sent as a set of key-value pairs packaged with an ‘Access-Accept’ response. The transactions between the RADIUS server and client are also protected by a shared ‘secret’, which is itself never sent over the network.
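The Access-Accept exchange described above, as an added example that is not part of the original article: the server packs attributes as type-length-value pairs and signs the reply with the shared secret, and the client recomputes that Response Authenticator (the MD5 construction from RFC 2865) before trusting any attribute. The secret, identifier, and attribute values are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2

def build_response(code, ident, request_auth, attrs, secret):
    """Server side: serialize (type, value) pairs and sign with the secret."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + auth + body

def parse_attributes(data):
    """Split the attribute area into (type, value) pairs; reject bad lengths."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr_type, attr_len = data[i], data[i + 1]
        if attr_len < 2 or i + attr_len > len(data):
            raise ValueError("invalid attribute length")
        attrs.append((attr_type, data[i + 2:i + attr_len]))
        i += attr_len
    return attrs

def verify_response(packet, request_auth, secret):
    """Client side: recompute the Response Authenticator before trusting data."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad Length field")
    packet = packet[:length]  # octets past Length are padding
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    return code, ident, parse_attributes(packet[20:])

# Constructed sample: Service-Type (6), Session-Timeout (27), Reply-Message (18)
SECRET = b"example-shared-secret"
REQUEST_AUTH = bytes(range(16))
SAMPLE = build_response(ACCESS_ACCEPT, 7, REQUEST_AUTH, [
    (6, struct.pack("!I", 2)), (27, struct.pack("!I", 3600)), (18, b"Welcome"),
], SECRET)

if __name__ == "__main__":
    for attr_type, value in verify_response(SAMPLE, REQUEST_AUTH, SECRET)[2]:
        print(attr_type, value.hex())
```

A reply altered in transit, or one signed with a different secret, fails the authenticator check and is rejected before its attributes are read.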
After the RADIUS server has authenticated the user and a session begins, the RADIUS server can also receive accounting requests. Receiving the first accounting request begins the process of gathering information such as data transferred, user ID, session ID, point of access, and reasons for disconnection. The client can also send a request midway for an update. A final request ends the accounting and stores the data on the RADIUS server.
The RADIUS protocol supports different authentication measures like PPP and UNIX login. It encrypts sensitive user information like passwords sent over the network and can change the authorization of users whenever needed.
Popular public cloud services, like Microsoft Azure, also allow users to set up a RADIUS server on their platforms. Some common uses of the RADIUS protocol include authentication by a firewall that provides a VPN service, WiFi access points running WPA2-Enterprise, and proxying by a telecommunication provider.
Different WiFi Authentication Protocols
Short for Wireless Fidelity and also called a Wireless Local Area Network (WLAN), WiFi simply means a wireless internet connection. It is the most common form of wireless technology around the world and involves a wireless router. The type of devices that can possess WiFi capability can range from portable devices like smartphones and laptops to hefty printers and even refrigerators.
Authentication on a WiFi connection is an essential part of its security configuration. The standard encryption methods used for authentication are the WiFi Protected Access (WPA) Enterprise methods. There are three such methods, with the second method also having an enterprise-level version. WiFi authentication can be of varying intensity levels:
- Open Authentication: Involving just the Service-Set Identifier (SSID) for connecting.
- Shared Authentication: Requiring a shared key between both sides of the connection.
- Extensible Authentication Protocol (EAP): Querying an authorization server through different credential options.
EAP authentication for wireless users is the most commonly used wireless network protocol currently. Many enterprise wireless networks use other techniques along with EAP, such as Transport Layer Security (TLS) or a RADIUS server.
WiFi technology has advanced significantly in the past decade. The newest version, called WiFi 6, has been developed to reduce the issues with having multiple devices on the same connection. It can also support data transfer speeds of up to 9.6 Gbps. It also requires WPA3 at the very least, thus having the highest level of wireless security available globally.
Advantages of WiFi Authentication through RADIUS
With many options available to securely configure a WiFi system’s authentication, choosing a RADIUS server is pretty standard. There are many advantages offered by a RADIUS server that make it a popular choice. Some of the main advantages are as follows:
- A Centralized Authentication System: Managing the multiple devices that make up your wireless network becomes easy through a RADIUS server. All the user requests for access and authentication are handled from one point without caring about different device configurations. A RADIUS server simplifies wireless network administration in an enterprise setting, where users can amount to hundreds.
- Better Network Security: Having a central place to manage the wireless infrastructure drastically improves network security and saves time and effort. RADIUS server security can easily manage user access and privileges by distributing the network into virtual LANs. Each LAN can be designated a particular level or unique mix of privileges. You can set up a RADIUS server with the WPA2-Enterprise encryption as an external authentication. In such a scenario, the wireless client authenticates using a RADIUS server through an EAP method configured in the server.
- Separate Authentication For All Users: By using a RADIUS server for WiFi authentication, managing the credentials for users also becomes easy. Credentials for each user are accessible from a single place and can be changed easily, without affecting the network performance for others. Each user can even manage their own credentials, and the risk of password sharing is also eliminated. As the RADIUS protocol also encrypts passwords during communication, it also provides basic security. However, you can improve such security by using other services in addition to the server.
- Multiple Ways Of Implementation: There are multiple ways of setting up a RADIUS server for WiFi authentication, all different in their approach. There are open-source options like the popular FreeRADIUS, which is a significantly flexible and safe option when configured with proper infrastructure. Otherwise, one can also go ahead with an on-premises implementation like Microsoft Network Policy Server, which requires licenses and hardware. Different implementations require different sets of setup tasks. The final decision of a particular implementation rests on the resources available and the budget.
WiFi Accountability & Authentication through RADIUS
Robust wireless technology is an essential part of the future of technology. As wireless networking gets more powerful and requires fewer components, its reach increases significantly. A significant example of advanced wireless technology is the concept of the Internet of Things, under which all intelligent devices in a location are constantly connected and sharing data. As exciting as such technology may sound, it comes with its fair share of challenges.
In the case of robust WiFi authentication, a RADIUS server continues to be a common choice, and very few other protocols seem to match in efficacy. It offers many advantages crucial for a strong network that is able to cater to all of its users effectively and efficiently.