two-factor authentication, multi-factor authentication, secure access, RADIUS server, free download, secure password

GreenRADIUS Security

Green Rocket Security understands that GreenRADIUS servers are to be deployed into exposed environments and that this means the servers must be hardened against potential attacks. As a security vendor, Green Rocket Security continually monitors both vulnerability reports and the latest techniques in system hardening, providing updates to our customers to ensure their systems are as secure as possible.

GreenRADIUS Hardening

The GreenRADIUS virtual machine is hardened following security best practices as outlined by CIS Security Benchmarks for Linux servers.  This guide can be found at https://benchmarks.cisecurity.org.

Following this guidance, unnecessary services have been disabled, leaving only what is absolutely necessary for GreenRADIUS to provide its services (as detailed below).

Firewall Configurations

GreenRADIUS is configured to restrict inbound network access to only those services which are absolutely necessary for the functionality of the server.  The following ports are open by default:

Port(s)Service
22ssh for remote administration
443Webmin console over SSL
1812 UDPRADIUS authentication
50000GreenRADIUS Server synchronization

Note that when LDAP or LDAPS is configured, only the specifically configured port is opened. For LDAP that is port 389 and for LDAPS the port is 636. Green Rocket Security recommends always configuring LDAPS for queries to your directory.

SSH Configuration

To minimize the potential for access to GreenRADIUS through ssh, OpenSSH is configured by default to only accept connections from the local network. This can be updated to meet customer needs, but a “secure by default” configuration is provided.

GreenRADIUS Services

The following services make up the functionality of GreenRADIUS:

ServiceDescription
ApacheWeb server for administration
FreeRADIUSRADIUS Server
PostgreSQLDatabase for the server
OpenLDAPLocal LDAP server (if needed)
Webmin & miniservWebmin server for management
OpenSSHssh server

GreenRADIUS 2FA Administrator Authentication

GreenRADIUS fully supports using 2FA for admin access to its services, both to the web interface and command line.