The importance of the RADIUS shared secret and security:

  • Provides data integrity: you can be confident that the information received came, without modification, from a source that is trusted because it knows the secret.

  • Protects the user password during PAP authentication. Anyone who knows the RADIUS shared secret can derive the clear-text password from the PAP-encoded password.

  • Protects the RADIUS server from a variety of attacks by requiring that all RADIUS data pass verification against the shared secret. Typically, this means the RADIUS server simply does not process data that fails verification and drops those RADIUS requests.

  • Select strong shared secrets. Use a different one for each client wherever possible. It is also recommended to carry all RADIUS traffic inside a secure tunnel such as a VPN or RadSec.

For more information on RADIUS security, here are a variety of links: