RadSec
RadSec is a Transport Layer Security (TLS) based protocol designed as a secure implementation of the RADIUS protocol. It protects RADIUS communication channels by encrypting data, ensuring confidentiality and integrity, which makes it suitable for exchanging authentication, authorization, and accounting information over untrusted networks such as the Internet.
RadSec, or RADIUS over TLS, is an extension of the traditional Remote Authentication Dial-In User Service (RADIUS) protocol that enhances security during transmission. Standard RADIUS messages are transmitted in cleartext over UDP, making them susceptible to interception and manipulation. RadSec addresses these limitations by encapsulating RADIUS packets within a TLS connection over TCP, thus adding encryption, authentication, and data integrity.
RadSec operates over port 2083/TCP by default. By leveraging TLS, it provides mutual authentication between RADIUS clients and servers, using certificates to verify identities before any sensitive information is exchanged. This encrypted channel keeps credentials and other critical data protected in transit, which is particularly beneficial when roaming across multiple administrative domains or over public networks.
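The following added example (not part of the original page) sketches the two mechanics described above in Python: a TLS server context that refuses peers without a certificate, and a de-framer that splits the decrypted TCP stream back into RADIUS packets using the Length field of the RADIUS header. The certificate paths are hypothetical parameters, the header layout and 4096-byte limit come from RFC 2865, and the sample packets are constructed.

```python
import ssl
import struct

RADSEC_PORT = 2083       # default RadSec port stated above
HEADER_LEN = 20          # code(1) + identifier(1) + length(2) + authenticator(16)
MAX_PACKET_LEN = 4096    # RADIUS maximum packet length (RFC 2865)


def server_tls_context(cert=None, key=None, ca=None):
    """TLS context for a RadSec listener that demands a client certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED    # mutual authentication
    if cert:                               # hypothetical file paths
        ctx.load_cert_chain(cert, key)
    if ca:
        ctx.load_verify_locations(ca)      # CA that signs RADIUS client certs
    return ctx


class RadiusStreamDeframer:
    """Splits a decrypted TCP/TLS byte stream into whole RADIUS packets."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, data):
        """Add received bytes; return a list of (code, identifier, packet)."""
        self._buf += data
        packets = []
        while len(self._buf) >= 4:
            code, ident, length = struct.unpack_from("!BBH", self._buf)
            if not HEADER_LEN <= length <= MAX_PACKET_LEN:
                # A bad length desynchronises the stream, so the caller
                # should close the connection instead of resynchronising.
                raise ValueError(f"invalid RADIUS length {length}")
            if len(self._buf) < length:
                break                      # wait for the rest of the packet
            packets.append((code, ident, bytes(self._buf[:length])))
            del self._buf[:length]
        return packets


def build_packet(code, ident, attributes=b""):
    """Constructed sample packet with an all-zero authenticator."""
    length = HEADER_LEN + len(attributes)
    return struct.pack("!BBH", code, ident, length) + bytes(16) + attributes
```

Unlike UDP, where one datagram carries one RADIUS packet, a single TLS read may return part of a packet or several packets, which is why the receiver has to buffer and cut on the Length field.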
RadSec adoption continues to grow, especially within eduroam, Wi-Fi roaming, and large enterprise environments requiring secure AAA (authentication, authorization, and accounting) exchange. It integrates well with existing RADIUS infrastructure, typically requiring minimal modifications apart from configuring TLS certificates and ensuring software support for the protocol.