RadSec Dynamic Server Discovery
Sebastian Hagedorn
Hagedorn at uni-koeln.de
Tue Jan 12 11:16:50 CET 2016
--On 12. Januar 2016 um 10:06:42 +0000 A.L.M.Buxey at lboro.ac.uk wrote:
>> They also claim that it's less secure to expose the RADIUS servers
>> directly, but I don't really buy that argument.
>
> eh? if you just use a national proxy you only need prot 2083 open to
> those few hosts.
>
> if you use dynamic server discovery you need to open up port 2083 to the
> whole internet (as you dont know the source addresses of all legitimate
> RADIUS servers).
I believe their point is that you only expose the proxy, which they
recommend to run on different hosts than the actual servers. Anyway, that
argument is orthogonal to the one about Dynamic Server Discovery.
--
.:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
.:.Regionales Rechenzentrum (RRZK).:.
.:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160112/4846de07/attachment.sig>
More information about the Freeradius-Users
mailing list