On Jul 10, 2024, at 3:55 PM, Brian Julin <BJulin@clarku.edu> wrote:
Alan DeKok wrote:
As news of the Blast RADIUS vulnerability spreads, we wanted to let you know about resources that we’ve put together for you. The big takeaway is this: ********. You MUST UPGRADE your systems as soon as possible. *********
Just wanted to thank Alan. We lucked out, our NAS units all seem to send a Message-Authenticator.
If you can say, which vendor?
I suspect Alan's advocacy for securing the RADIUS protocol over the years is a major reason why.\
It's good to hear that my efforts have some positive benefit. So yes, if the NASes send Message-Authenticator, then set "require_message_authenticator = yes" for each client, and you're secure. You should likely upgrade the NASes eventually, but that can be done as part of normal maintenance processes. Alan DeKok.