HomeContributionsTwo-Factor Authentication Using RADIUS: Protect Your VPN, VDI, Wi-Fi, and Firewall

Two-Factor Authentication Using RADIUS: Protect Your VPN, VDI, Wi-Fi, and Firewall


This article was contributed by Joan Young who works as a business writer for protectimus.

IT administrators often use the RADIUS authentication protocol to build secure corporate infrastructures. RADIUS authentication servers allow them to control access to routers, switches, VPNs, firewalls, virtual desktops, and any other RADIUS supporting gadgets or apps.

That is why building RADIUS networks became extremely popular today when some employees work in the office, others prefer working from home, and many people combine office and remote work and bring their own devices to the workplace.

Still, RADIUS cyber security capability can increase several times if an IT administrator adds two-factor authentication to the RADIUS device, RADIUS software, or RADIUS network.

Why RADIUS two-factor authentication is a must

RADIUS authentication implies using the login and password unique for every user. The RADIUS protocol has been used since the first days of the internet, and this approach to authentication (the requirement for unique credentials) helped to increase the RADIUS network access security for many years. 

But there are too many troubles with single-factor authentication we know about today: vulnerability to brute force attacks, credentials stuffing, keyloggers, phishing, vishing, smishing, social engineering, numerous viruses intercepting passwords, etc. Knowing about all these RADIUS security threats, we cannot consider single-factor authentication secure anymore.

RADIUS two-factor authentication means adding temporary one-time codes as a second authentication step. The one-time codes can be generated with the help of an authentication app on the user's smartphone, delivered via a chatbot in a messaging app, or generated using a special hardware device – a hardware OTP token. 

The main idea of two-factor authentication is that the user needs their smartphone or hardware token (something they have with them) together with their username and static password (something they know) to access the RADIUS network.

Thus, the hacker needs to get both authentication factors at the same time to compromise access to the RADIUS software or device. Given that the lifetime of a time-based one-time code is 30 seconds, it is almost impossible to hack a RADIUS network protected with two-factor authentication.

How to enable two-factor authentication for RADIUS devices and software

To enable two-factor authentication for a RADIUS compatible device or software, integrate it with the Protectimus RADIUS 2FA solution. It works for any RADIUS software or appliance, including any VPN like Cisco AnyConnect, Wi-Fi routers and switches, firewalls like SonicWall, services for remote access infrastructure like Citrix Gateway, or VMWare Horizon, and even like Ubuntu or macOS.

To set up two-factor authentication using RADIUS with the help of the Protectimus 2FA solution, install the Protectimus RProxy software on a server within your network and then configure the authentication policies on the device or software you want to protect with 2FA. The Protectimus RProxy component will work as a RADIUS server receiving authentication requests from your RADIUS client and transmitting them to the two-factor authentication server and back.

So to set up two-factor authentication for a RADIUS compatible device or software:

  1. Sign up for Protectimus Two-Factor Authentication Service or install the Protectimus On-Prem Platform on a server within your network and configure basic settings (add a resource, add users and tokens or enable synchronization with Active Directory).
  2. Install the Protectimus RProxy software on a server within your network and set the necessary values in the rpoxy.properties file following the RADIUS two-factor authentication integration instructions.
  3. Configure authentication policies of the RADIUS compatible software or device you will protect and specify Protectimus RProxy as the RADIUS server. 

You'll find detailed instructions on integrating two-factor authentication for the most popular RADIUS software and devices on the Protectimus website. If you have any questions, be sure that the support team will help you with integration at any stage.

Protect your VPN, Wi-Fi, or any other software and hardware in your RADIUS network today before it's too late.

About the author

Joan Young is a business writer at protectimus with big expertise in digital marketing and increasing sales. Working with many entrepreneurs, she advises newcomers and experienced people in the digital environment.

In particular, her task is to optimize costs and automate all technical business processes, she has been doing this successfully for more than 10 years

Recent News