11 Oct
2019
11 Oct
'19
9:45 a.m.
On Thu, Oct 10, 2019 at 09:01:08AM -0400, Alan DeKok wrote:
My understanding is having a RADIUS server listening directly on the internet would be bad security-wise, and should not be done, is this correct?
Yes.
Yes, because the communication between radius server and radius client (AP, switch,...) would be unencrypted? Or yes, because you consider the radius server to have a high attack surface and thus should never be publicly reachable, even though access to it is controlled via the clients.conf file? -HC