U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

  1. Checklist Repository

CIS FreeRADIUS 1.1.3 Benchmark v1.0.0 Checklist Details (Checklist Revisions)

Supporting Resources:

Target:

Target CPE Name
FreeRADIUS 1.1.3 cpe:/a:networkradius:freeradius:1.1.3 (View CVEs)

Checklist Highlights

Checklist Name:
CIS FreeRADIUS 1.1.3 Benchmark
Checklist ID:
270
Version:
v1.0.0
Type:
Compliance
Review Status:
Archived
Authority:
Third Party: Center for Internet Security (CIS)
Original Publication Date:
08/02/2007

Checklist Summary:

This benchmark is intended to assist administrators in securing FreeRadius, the most popular open source RADIUS server used to provide network access control, including authentication, authorization and accounting. RADIUS stands for Remote Authentication Dial In User Service, published as RFC 2865 and RFC 2866. Although RADIUS was originally used for dial-up network access control, it's also commonly used for other network access controls, such as DSL, 802.1X, wireless 802.11, and VoIP. Of course RADIUS servers are just one part of a typical network infrastructure, and their security depends in part on the security of the rest of the infrastructure. However, this benchmark will focus primarily on the secure configuration of the FreeRadius server.

Checklist Role:

  • Server

Known Issues:

Not provided.

Target Audience:

This benchmark is intended to assist administrators in securing FreeRadius, the most popular open source RADIUS server used to provide network access control, including authentication, authorization and accounting. RADIUS stands for Remote Authentication Dial In User Service, published as RFC 2865 and RFC 2866. Although RADIUS was originally used for dial-up network access control, it's also commonly used for other network access controls, such as DSL, 802.1X, wireless 802.11, and VoIP. Of course RADIUS servers are just one part of a typical network infrastructure, and their security depends in part on the security of the rest of the infrastructure. However, this benchmark will focus primarily on the secure configuration of the FreeRadius server. While the majority of the recommendations and steps outlined in this document apply to most Unix systems, it should be noted that specific paths and some syntax may vary for some Unix platforms so the reader is encouraged to be familiar with the differences specific to their individual platforms. The provided configurations have been tested using FreeRadius 1.1.3 on Red Hat Fedora Core 6. The audience for the document is at the level of an experienced system administrator, with some specific experience in administering the FreeRadius server. The configuration and security controls provided have been developed through a consensus effort of best practices recommended by a majority of participating security experts.

Target Operational Environment:

  • Managed

Testing Information:

The provided configurations have been tested using FreeRadius 1.1.3 on Red Hat Fedora Core 6.

Regulatory Compliance:

Not provided.

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

The Center for Internet Security ("CIS") provides benchmarks, scoring tools, software, data, information, suggestions, ideas, and other services and materials from the CIS website or elsewhere ("Products") as a public service to Internet users worldwide. Recommendations contained in the Products ("Recommendations") result from a consensus-building process that involves many security experts and are generally generic in nature. The Recommendations are intended to provide helpful information to organizations attempting to evaluate or improve the security of their networks, systems, and devices. Proper use of the Recommendations requires careful analysis and adaptation to specific user requirements. The Recommendations are not in any way intended to be a "quick fix" for anyone's information security needs. CIS makes no representations, warranties, or covenants whatsoever as to (i) the positive or negative effect of the Products or the Recommendations on the operation or the security of any particular network, computer system, network device, software, hardware, or any component of any of the foregoing or (ii) the accuracy, reliability, timeliness, or completeness of the Products or the Recommendations. CIS is providing the Products and the Recommendations "as is" and "as available" without representations, warranties, or covenants of any kind.

Product Support:

http://networkradius.com/support/

Point of Contact:

cis-feedback@cisecurity.org

Sponsor:

http://www.cisecurity.org/

Licensing:

Not provided.

Change History: 

Updated URL - 7/26/19
Archive - 8/31/23
updated to ARCHIVE - 10/2/2023

Dependency/Requirements:

URL Description

References:

Reference URL Description

NIST checklist record last modified on 10/02/2023