[RADIATOR] Password/certificate security seems next to none on Radiator server

Nadav Hod nadav.hod at comm-it.co.il
Fri Oct 2 06:57:35 CDT 2015


We're off topic I think, the subject was whether or not stronger certification and password security measures should be integrated into Radiator in order to protect certificates and NAS passwords. From my implementation of Radiator I could tell that both these issues were not addressed and in fact became new attack vectors that previously did not exist in our NPS solution. 

I personally am not a big fan of NPS due to its lack of scalability, authentication support and customizability, but at least credentials were somewhat secure.

________________________________________
From: A.L.M.Buxey at lboro.ac.uk [A.L.M.Buxey at lboro.ac.uk]
Sent: Friday, October 02, 2015 1:45 PM
To: Nadav Hod
Cc: Sami Keski-Kasari; radiator at open.com.au
Subject: Re: [RADIATOR] Password/certificate security seems next to none on Radiator server

Hi,

> In this case the private key wasn't necessary to authenticate the phones. ACS, Cisco's AAA server, also doesn't require the CAPF private key but rather the CAPF public key to authenticate phones.

what you need depends on your implementation. if using another CA - eg a public one, then you just need the
CA to be trusted/known.

alan
