RADIUS Secrets
The importance of the RADIUS shared secret and security:
- Provides data integrity: you can be confident that the information received came from the trusted source (trusted because it knows the secret) and was not modified.
- Protects the user password during PAP authentication. Anyone who knows the RADIUS shared secret can derive the clear-text password from the PAP-encoded password.
- Protects the RADIUS server from a variety of attacks by requiring that all RADIUS data pass verification against the shared secret. Typically, this means the RADIUS server simply does not process data that fails verification and drops those RADIUS requests.
- Select strong shared secrets. Use a different one for each client, as far as possible. It is also recommended to protect all RADIUS traffic in a secure tunnel such as a VPN or RadSec.
For more information on RADIUS security, here are a variety of links: