What Is Dynamic Cloud RADIUS?

SecureW2 is excited to announce a whole new way to utilize a AAA/RADIUS server – Dynamic Cloud RADIUS. This server will revolutionize the way users are authenticated and create a WPA2-Enterprise network that is more efficient and more secure than any before. 

The Dynamic Cloud RADIUS brings all the same security features as a standard RADIUS but with some key added benefits. Once configured, your Dynamic Cloud RADIUS will be able to perform enhanced, certificate-based authentication, which includes shared hosted RADIUS capability, runtime-level policy enforcement, and reinforced security.

What Identity Providers/Directories does Dynamic Cloud RADIUS support?

Dynamic Cloud RADIUS enables directory checks via a lightweight API designed to reduce request size and optimize authentication speed. It’s compatible with the following cloud directories:

  • Azure AD
  • Okta
  • G Suite / Google

How does Dynamic Cloud RADIUS work?

The defining feature that separates Dynamic Cloud RADIUS (DCR) from other RADIUS servers is that the DCR communicates with the directory directly.

This allows the RADIUS server to reference a directory entry, both to confirm the entity is authorized for access, and to read any other user information. This functionality is similar to the user lookup feature employed by networks with LDAP-AD infrastructure.  

During typical certificate-based RADIUS authentication, the RADIUS server references the CRL if it is provided with a valid certificate signed by a CA that’s also in the RADIUS’ root store. The RADIUS can only decide to authenticate based on the information stored in the certificate, which tends to be very little beyond the name, dates, and keys.

X.509 digital certificates are usually static: they cannot be edited. Any changes in user permissions have to be enforced by revoking and reissuing certificates, a process that quickly becomes burdensome as a single user can have many certificates.

Instead of certificates storing the information necessary for policy enforcement, that data can be stored in the directory. Dynamic Cloud RADIUS can then check the directory and make policy decisions regarding user privileges, a method that is more secure and easier to manage. 

What are the benefits of Dynamic Cloud RADIUS?

Dynamic Cloud RADIUS can completely change the way your network is protected through a few quintessential features.

Eliminate the need for certificate management

In any organization, you can expect some level of movement from employees. Each employee can leave, transfer, be promoted, or be moved for any number of reasons. This can often lead to challenges for an IT department that needs to adjust a directory entry and revoke/reissue certificates for each employee. This large workload can exhaust the IT team or, worse, lead to a lapse in security that leaves your network vulnerable.

Our Dynamic Cloud RADIUS server remedies this problem by confirming each request directly against the active directory. The RADIUS can reject requests based on the user status entered in the AD. This is much more user-friendly and removes the need for stringent certificate management.

Added Layer Of Security 

For security, each added level of redundancy is an added level of strength. Dynamic Cloud RADIUS adds redundancy to the user validation process without adding a burden in the form of network requests.

The redundancy is especially effective because it eliminates a small security weakness in CRLs: their update interval. This weakness comes from a copy of the CRL being stored in the RADIUS and updated only every day or two. This small window may seem insignificant, but it leaves a chance for a recently revoked certificate to be accepted before the RADIUS registers it as invalid.

Runtime-Level Policy Enforcement by the RADIUS

As previously mentioned, Dynamic Cloud RADIUS allows the RADIUS to segment users and restrict/allow resources based on information stored in their directory entry. Since enforcement occurs at runtime, changes made to a user’s permissions are propagated throughout the system immediately rather than a day or two later, as is typical with most RADIUS servers.
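
The difference between a certificate-only decision and one that also consults the directory on every request, covering both the CRL update window and the runtime policy enforcement described above. This is an added Python example, not SecureW2 code; the users, serials, VLAN numbers, timestamps and function names are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Cert:
    serial: str
    subject: str          # identity the directory is keyed on
    not_after: datetime

# Constructed sample data (hypothetical users, serials and VLAN ids).
NOW = datetime(2024, 1, 10, 12, 0)
CACHED_CRL = {"fetched_at": NOW - timedelta(hours=20), "revoked": {"0A01"}}
DIRECTORY = {
    "alice@example.com": {"active": True, "group": "contractor"},  # just moved teams
    "bob@example.com": {"active": False, "group": "staff"},        # disabled 1h ago
}
VLAN_BY_GROUP = {"staff": 10, "contractor": 20}

def cert_only_decision(cert, crl, now):
    """Certificate-only check: validity date plus the cached CRL copy.
    Chain validation against the root store is assumed to have passed."""
    if now > cert.not_after:
        return "reject: expired"
    if cert.serial in crl["revoked"]:
        return "reject: revoked"
    return "accept"

def dynamic_decision(cert, crl, now, directory):
    """Same check, then a live directory lookup on every request."""
    base = cert_only_decision(cert, crl, now)
    if base != "accept":
        return base
    entry = directory.get(cert.subject)
    if entry is None or not entry["active"]:
        return "reject: directory"
    vlan = VLAN_BY_GROUP.get(entry["group"])
    return f"accept: vlan {vlan}" if vlan is not None else "reject: no policy"

def crl_age_hours(crl, now):
    """How stale the cached CRL is: the exposure window for revocations."""
    return (now - crl["fetched_at"]).total_seconds() / 3600

BOB = Cert("0B02", "bob@example.com", NOW + timedelta(days=300))
ALICE = Cert("0C03", "alice@example.com", NOW + timedelta(days=300))

if __name__ == "__main__":
    print("CRL age (h):", crl_age_hours(CACHED_CRL, NOW))
    for c in (BOB, ALICE):
        print(c.subject, "|", cert_only_decision(c, CACHED_CRL, NOW),
              "|", dynamic_decision(c, CACHED_CRL, NOW, DIRECTORY))
```

Bob's certificate is still absent from the 20-hour-old CRL copy, so only the directory lookup stops him; Alice's group change takes effect on her next authentication without reissuing her certificate.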

Dynamic RADIUS Allows For Shared Isolated Networks

Another exciting feature of Dynamic Cloud RADIUS is the ability to use a single RADIUS server for multiple networks, meaning that it's now possible to securely authenticate requests from different networks while still keeping those networks isolated from one another.

This is especially helpful for organizations that pay tons of money for multiple servers, or Managed Service Providers (MSP) who can now offer an affordable white-labeled Cloud RADIUS solution to their customers.

Who is Dynamic Cloud RADIUS for?

The security benefits and user experience improvement provided by Dynamic Cloud RADIUS would be useful to any organization that uses an 802.1X network. However, there are a couple of users who stand to benefit the most from these advancements in RADIUS technology.

Any large Enterprise-level organization will find Dynamic Cloud RADIUS particularly attractive for a couple of key reasons. First, it accounts for the increase in human error that comes from IT administrators managing thousands of certificates. Gone are the days where mobility within the company causes lapses in security, as the dynamic nature of RADIUS evolves as your company does.

Secondly, Dynamic Cloud RADIUS compensates for the inherent security weakness of a longer CRL update interval by providing a redundant validation that occurs in every authentication request. This is especially exciting because the more often you update the CRL, the more expensive the service becomes.

Managed Service Providers (MSP) will be elated at the announcement of Dynamic Cloud RADIUS since it introduces Shared Hosted RADIUS capabilities. MSPs can rarely offer their customers cloud RADIUS options because it’s simply too cost-prohibitive to set up the infrastructure for the small companies that MSPs typically service.

With the ability to use a single RADIUS server for multiple clients, all while keeping the client networks and resources totally isolated, MSPs can finally offer a scalable, full-featured RADIUS as part of their network security package. 

More Efficient RADIUS

Dynamic Cloud RADIUS is the next generation of RADIUS server and is ready to change the way that certificate-based networks are used. It reduces any existing weaknesses with the RADIUS protocol and vastly improves user experience and certificate management.

SecureW2 has affordable options for organizations of all sizes.

Eytan Raphaely
