Netgate Discussion Forum
    Freeradius for added security? How?

    General pfSense Questions

    • Velcro

      I am trying to "up" (increase) my security to the max, and FreeRADIUS seems to be a popular package used by many. Will it increase the security of my small network?

      My general setup is as follows:

      • Numerous separate, isolated VLANs (Guest, IoT, Work, Personal, etc.)
      • Each VLAN has clients (assigned by DHCP) with fixed IPs (tied to MAC addresses); all other clients are denied
      • Policy routing using the clients' fixed IPs in aliases
      • Snort, pfBlocker
      • Traffic routed through VPNs

      Would adding the FreeRADIUS package enhance security? A lot more secure? If so, how would it enhance the security?

      I found info on setting it up and its benefits in very large networks, but that was all...

      Thanks for any thoughts or advice...

      V

      • johnpoz (LAYER 8 Global Moderator)

        One way RADIUS can be used to increase security is the ability to use, say, EAP-TLS to authenticate clients to a wireless network. So now clients would have to use a different method of auth than just a PSK. This could be a username and password to auth to the network, or something as secure as EAP-TLS, where your clients have to have a cert issued by your CA, etc.

        Use of EAP allows for different logins for different users, so if, say, a user's creds have been compromised or are believed to be compromised, you could just change those specific creds or disable them without having to change all your devices to use a new PSK, etc.

        You could use 802.1X with your RADIUS server so that devices are not allowed on the network, be it wired or wireless, unless they pass the auth you set up with 802.1X.

        As an example, you state you have your personal wireless, which I assume has access to more of your network than any of your other wireless networks. So in this case you could require EAP-TLS to get on this network, so only devices you actually trust and have given the correct certs could get on this network.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11
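The per-device trust and revocation described in the reply above, as an added example that is not part of the thread and not pfSense or FreeRADIUS code: a minimal private CA built with openssl, of the kind EAP-TLS needs. Each device gets its own certificate signed by the CA; the RADIUS server admits a supplicant only if its certificate chains to the CA and is not on the CRL, so pulling one device off the network means revoking that one certificate rather than rotating a PSK on every client. The CA name, device names (`laptop`, `phone`), directory layout and the helper function names are all assumptions made for this demonstration; it assumes openssl 1.1.1 or newer on PATH and writes everything under a temporary directory.

```shell
#!/bin/sh
# Added example (not code from the forum thread, pfSense or FreeRADIUS):
# a tiny private CA for EAP-TLS client certificates, showing per-device
# admission and revocation. Assumes openssl 1.1.1+ on PATH. The CA name,
# device names and directory layout are made up for the demonstration.
set -eu

CA_DIR="${CA_DIR:-$(mktemp -d)/ca}"

# Create the CA key, the self-signed CA certificate and the bookkeeping
# files that "openssl ca" needs for issuing and revoking.
setup_ca() {
  mkdir -p "$CA_DIR/issued"
  : > "$CA_DIR/index.txt"
  echo 1000 > "$CA_DIR/serial"
  echo 1000 > "$CA_DIR/crlnumber"
  # Unquoted heredoc: $CA_DIR expands now, \$dir is left for openssl.
  cat > "$CA_DIR/ca.cnf" <<EOF
[ ca ]
default_ca       = home_ca
[ home_ca ]
dir              = $CA_DIR
database         = \$dir/index.txt
new_certs_dir    = \$dir/issued
serial           = \$dir/serial
crlnumber        = \$dir/crlnumber
certificate      = \$dir/ca.crt
private_key      = \$dir/ca.key
default_md       = sha256
default_days     = 365
default_crl_days = 30
policy           = cn_only
x509_extensions  = client_ext
unique_subject   = no
[ cn_only ]
commonName       = supplied
[ client_ext ]
basicConstraints = CA:FALSE
keyUsage         = digitalSignature,keyEncipherment
extendedKeyUsage = clientAuth
[ req ]
distinguished_name = req_dn
prompt           = no
[ req_dn ]
CN               = Home Wi-Fi CA (example)
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage         = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  openssl req -x509 -config "$CA_DIR/ca.cnf" -extensions v3_ca \
    -newkey rsa:2048 -nodes -keyout "$CA_DIR/ca.key" \
    -out "$CA_DIR/ca.crt" -days 365 >/dev/null 2>&1
  # Start with an empty CRL so -crl_check works before any revocation.
  openssl ca -config "$CA_DIR/ca.cnf" -gencrl -out "$CA_DIR/ca.crl" 2>/dev/null
  refresh_trust_bundle
}

# CA certificate plus current CRL: what the RADIUS server's EAP-TLS
# trust store would be pointed at.
refresh_trust_bundle() {
  cat "$CA_DIR/ca.crt" "$CA_DIR/ca.crl" > "$CA_DIR/trust.pem"
}

# Issue a client certificate for one device; prints its path.
issue_device_cert() {
  name="$1"
  openssl req -new -config "$CA_DIR/ca.cnf" -subj "/CN=$name" \
    -newkey rsa:2048 -nodes -keyout "$CA_DIR/$name.key" \
    -out "$CA_DIR/$name.csr" >/dev/null 2>&1
  openssl ca -batch -notext -config "$CA_DIR/ca.cnf" \
    -in "$CA_DIR/$name.csr" -out "$CA_DIR/$name.crt" >/dev/null 2>&1
  echo "$CA_DIR/$name.crt"
}

# Revoke one device's certificate and regenerate the CRL; no other
# device's credentials change.
revoke_device_cert() {
  openssl ca -config "$CA_DIR/ca.cnf" -revoke "$1" >/dev/null 2>&1
  openssl ca -config "$CA_DIR/ca.cnf" -gencrl -out "$CA_DIR/ca.crl" 2>/dev/null
  refresh_trust_bundle
}

# The chain + CRL check a RADIUS server performs on the supplicant's
# certificate during EAP-TLS. Exit status 0 means the device is admitted.
device_would_be_admitted() {
  openssl verify -crl_check -CAfile "$CA_DIR/trust.pem" "$1" >/dev/null 2>&1
}

demo() {
  setup_ca
  laptop=$(issue_device_cert laptop)
  phone=$(issue_device_cert phone)
  device_would_be_admitted "$laptop" && echo "laptop: admitted"
  revoke_device_cert "$phone"
  device_would_be_admitted "$phone" || echo "phone: rejected (revoked)"
  device_would_be_admitted "$laptop" && echo "laptop: still admitted"
}

case "${1:-}" in demo) demo ;; esac
```

Run it as `sh eap_tls_ca.sh demo`. On pfSense the same roles are filled by the built-in Certificate Manager (the CA and per-device client certificates) and the FreeRADIUS package's EAP settings; the point of the openssl version is to make the admission check explicit: the `phone` certificate is still validly signed after revocation, and only the CRL check turns it away, which is why the RADIUS server must be given the current CRL, not just the CA certificate.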

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.