Thursday, January 6, 2022

Radiator Auth.fi: easy and secure Wi-Fi Authentication for your organization

Organizations using Wi-Fi networks need an easy and secure way to provide access to the network, either to their own users or guests. At Radiator Software, we have been working with many use cases around this theme and we wanted to provide a solution where authentication features of Radiator can be used as easily as possible.

For this use, we created Radiator Auth.fi.

Radiator Auth.fi is a RADIUS based Wi-Fi authentication cloud service for network users and guests. It provides an easy way for employees or subcontractors to get self-service network access credentials for WPA2/WPA3 Enterprise secured network. It can also be easily deployed: you do not need new hardware, but only a few changes to the settings of your current network devices.

Radiator Auth.fi can be used globally from different locations. To accomplish this, we have set up a global cloud service that can cover multiple locations, while making sure that the service is GDPR compliant.

In addition, Radiator Auth.fi supports Wi-Fi roaming. If the visited organization and networks are part of the same roaming federation (such as eduroam or govroam) that is supported by the service, and roaming access is permitted, the roaming user’s device signs in to the network automatically and safely. It uses the settings and user credentials that are already stored in the user device.

Would you like to know more?

For more info about Radiator Auth.fi, please contact our sales team at sales(a)radiatorsoftware.com. We are happy to discuss your use case and how Radiator Auth.fi may suit your needs. Commercially, Radiator Auth.fi is based on a flexible, pay-as-you-go subscription model that allows you to scale the use of the service based on your business needs.

Monday, December 20, 2021

Radiator used for authentication in water monitoring

Water monitoring is important in all regions of the world. In order to have a clear overall picture of such vital resource, it is necessary to have real-time data about river levels and flows, storage elevations and volumes, and water salinity.

Water monitoring organizations use remote sensor networks to monitor data such as reservoir levels, stream flows, and pipeline valve positions. Those sensors, often equipped with mobile data transceivers, are critical components of the water management system, and therefore need to be authenticated.

For one of our major customers in this field, we have provided a RADIUS authentication solution, using Radiator AAA server to authenticate around 2000 active devices currently in active service.

After the authentication is done, the sensors send their telemetry data to specialized data repositories for processing, analysis, and display, in order for customer organizations to know the real-time status of their water system.

Would you like to know more about using Radiator in device authentication?

If you are interested in using Radiator in device authentication - for example in telemetry or sensor networks, please do not hesitate to contact our sales team at sales@radiatorsoftware.com.

Radiator, being the most flexible AAA server in the market, may be just the solution for your authentication use case.

Monday, December 13, 2021

Radiator is not affected by log4j vulnerability

On the 10th of December 2021 a vulnerability (CVE-2021-44228) in a popular Java-based logging utility log4j was published. Since then we have received some customer queries about Radiator’s vulnerability.

Radiator does not utilise Java or log4j as a component of our software and is therefore not vulnerable to the log4j vulnerability.

While following closely the situation, research and responses around the vulnerability, we have identified that RADIUS protocol and infrastructure can be used to deliver the exploit to more vulnerable services such as Java-based backend services, AAA information sources and centralised logging systems. We have documented this delivery method principle into a separate blog post found here:

https://blog.radiatorsoftware.com/2021/12/radius-servers-and-log4j-vulnerability.html

We will continue monitoring the issue closely and announce if issues affecting Radiator or Radiator services are found.

RADIUS servers and log4j vulnerability

On the 10th of December 2021 a vulnerability (CVE-2021-44228) in a popular Java-based logging utility log4j was published. While Radiator and some other RADIUS servers are not themselves vulnerable, log4j may be used in Java based user interfaces, log processors and many other supporting services and software. The systems and networks using RADIUS authentication can then be used to deliver the exploit to some other vulnerable services even if the exploit does not affect the RADIUS server systems directly.

Figure 1: RADIUS infrastructure as a delivery method for log4j exploits

The attacker can always try to exploit accessible network devices directly. Many network devices nowadays use Java based user interfaces and logging systems, which include log4j as a component and are therefore vulnerable to a direct attack. The attack can however reach deeper into backend services via RADIUS authentication without the need for the attacker to reach the actual backend services directly.

If the attacker is able to get the network device to add a suitable exploit payload to the RADIUS request, that payload can then be delivered through the RADIUS server to backend services and even outside one organisation. The payload does not affect the RADIUS servers themselves (unless they use Java and log4j) but RADIUS and RADIUS federations may be used as a delivery mechanism for exploits to reach more interesting targets.

Mitigating the risk by filtering and sanitising RADIUS attributes in RADIUS servers is likely to break more than it protects. It is more productive to focus on updating or possibly replacing log4j using systems than trying to prevent the delivery of the exploit.


Friday, November 19, 2021

Companion to Radiator 4.26: SIM support 2.7 and Carrier module 1.7 released

We are very pleased to announce the release of Radiator SIM Module 2.7 and Radiator Carrier Module 1.7. This release is in companion to the most recent Radiator 4.26 version, and brings a number of fixes and enhancements to Diameter and SIGTRAN. IMSI privacy is now tested against Wireless Broadband Alliance technical specification 'IMSI Privacy Protection for Wi-Fi'. Also included are number of smaller enhancements and bug fixes.

For the full product history, please visit the Radiator SIM Module revision history and Radiator Carrier Module revision history.

Radiator packages are available to download for current licensees from the downloads page and the Radiator repository.

Access to download the latest release can be renewed by placing an online renewal order or contacting sales@radiatorsoftware.com


Wednesday, November 17, 2021

Connect to OpenRoaming™ with Radiator

Wireless Broadband Alliance (WBA), provides OpenRoaming™, a roaming federation service enabling an automatic and secure Wi-Fi experience globally. It creates a federation of networks and identity providers to enable automatic roaming and user onboarding on Wi-Fi. More information can be found from WBA OpenRoaming™ pages or from the video below.

 

Recently, we have seen developments where carriers and other organisations, such as universities, are embracing OpenRoaming™ for their guest Wi-Fi access. This industry backig and focus on end user experience is one of the key benefits of OpenRoaming™.

As OpenRoaming™ becomes more integrated in the Android and Apple devices, the host organisations do not need to worry about how they will provide guest user credentials for guests. The guests will already authenticate with Apple, Google, participating operators and even in the future with Facebook credentials to guest networks without requiring host organisations to instruct them or provide configuration to their devices. For users, this development would bring significant benefits: secure and easy access to the Wi-Fi network wherever they go.

Radiator Software, being a WBA member and solution provider, can provide your organisation the products and services you need in order to join OpenRoaming™.

Radiator supports OpenRoaming™ requirements

For OpenRoaming™, support both for RadSec and DNSRoaming protocol is needed in order to implement the roaming securely and without extra effort to the end user. Radiator AAA Server supports both these protocols as can be seen from our product page. With RadSec, we are proud to tell that Radiator was the first commercial AAA Server where the protocol was implemented.

At the same time, we have 20 years of experience for providing roaming solutions to our Radiator customers - especially for international roaming federations suchs as eduroam and govroam. For these customers, we can of course provide assistance when joining OpenRoaming™.

Interested in joining OpenRoaming™ using Radiator?

For OpenRoaming™, our team can offer you a complete package: providing the software and the installation and the configuration assistance in order to join OpenRoaming™. After this, with Radiator support, you can ask for any later on assistance needed if for example configuration changes are needed.

Please contact our sales team at sales@radiatorsoftware.com

Friday, October 29, 2021

Radiator 4.26 now available

We are pleased to announce the release of Radiator version 4.26. This version contains new features, enhancements, and bug fixes. 

Selected compatibility notes, enhancements and fixes

  • TLSv1.3 is currently disabled for AuthBy DUO.
  • AuthBy SQLTOTP now supports CHAP, MSCHAP and MSCHAPv2. EAP-MSCHAPv2 is supported with MSCHAPv2 conversion. Encrypted PIN is now supported for PAP, EAP-OTP and EAP-GTC.
  • Radiator SIM Pack 2.7 and Carrier Pack 1.7, or later, are strongly recommended.

Known caveats and other notes

  • TLSv1.3 remains disabled by default for TLS based EAP methods and Stream based classes, such as RadSec.
  • EAP-FAST functionality is reported to vary between TLS versions, TLS library security level settings and client implementations.

More detailed changes can be found in the revision history.

Radiator packages are available to download for current licensees from the downloads page and the Radiator repository.

Access to download the latest release can be renewed by placing an online renewal order or contacting sales@radiatorsoftware.com