Is NTLM secure? While Active Directory is widely used, it has still uses insecure protocols such as NTLM. The important question many people ask is “Does turning off NTLM increase security”? The answer is “maybe”, or... Enterprises Security Threats and Vulnerabilities
FreeRADIUS hardware requirements A common question for people installing the server is “what are the hardware requirements for FreeRADIUS?” The answer is both simpler, and more complex than you would think. The performance of a RADIU... FreeRADIUS Technical Guides
RADIUS for Universities University environments present challenges for RADIUS system design. Every hour, on the hour, thousands of students close their laptops, move to a different location, and open them again. This unique ... Education
The problem with RADIUS in the cloud The promise of cloud-hosted infrastructure sounds tempting. Someone else manages yourdatabase, you pay only for what you need, you may have better data security, and the database can scale up with you... Network Architecture
Email addresses are primary user identifiers? There is a lot of advice out there that email addresses are not identifiers . Even Internet2 has a document explaining why email is not an appropriate user identifier . What does this mean for RADIUS,... Education
IETF Bangkok 122 recap: What we're doing to advance RADIUS standards I've recently returned from IETF Bangkok, the Internet Engineering Task Force (IETF) 122 meeting, where I spent a week working with implementers, operators, and standards authors who are defining the ... IETF and RADIUS Standards
Using FreeRADIUS with FIPS mode on compliant systems In order to create more secure systems, standards such as Federal Information Processing Standard 140-2 ( FIPS-140) are being more widely used. The FIPS standard provides for limits on which cryptogra... Enterprises FreeRADIUS Technical Guides
Announcing SRADIUS RADIUS has used MD5 for security for almost thirty years. It is time to use a modern alternative: SRADIUS! We just released an Internet-Draft which defines “Secure RADIUS”, or “SRADIUS”. We also have ... IETF and RADIUS Standards
Introducing RADIUS 1.1 RADIUS has a problem. The name of the problem is MD5. The MD5 hash algorithm was defined in 1991, and was used in RADIUS in 1993. However, MD5 is no longer secure. It is a bit of a miracle that RADIUS... IETF and RADIUS Standards
Looking Forward to IETF 122 We have been involved in the Internet Engineering Task Force (IETF) for a few decades now. During that time, we have written many of the RADIUS standards. We are still involved in the standards proces... IETF and RADIUS Standards
RADIUS security best practices: How to harden your deployment RADIUS has several well-known security limitations, most of which are easy to mitigate once you know what to do. This guide walks through five common weaknesses in the RADIUS protocol and the practica... IETF and RADIUS Standards
RADIUS password compatibility This article covers password storage compatibility for RADIUS deployments. You'll findan overview of how the RADIUS protocol works here. In order for RADIUS authentication to work, user passwords need... Network Security Protocols