[EXT] Blast RADIUS resources to protect your network
Alan DeKok
aland at deployingradius.com
Wed Jul 10 20:27:49 UTC 2024
On Jul 10, 2024, at 3:55 PM, Brian Julin <BJulin at clarku.edu> wrote:
>
> Alan DeKok wrote:
>> As news of the Blast RADIUS vulnerability spreads, we wanted to let you know about resources that we’ve put together for you.
>> The big takeaway is this:
>> ********. You MUST UPGRADE your systems as soon as possible. *********
>
> Just wanted to thank Alan. We lucked out, our NAS units all seem to send a Message-Authenticator.
If you can say, which vendor?
> I suspect Alan's advocacy for securing the RADIUS protocol over the years is a major reason why.\
It's good to hear that my efforts have some positive benefit.
So yes, if the NASes send Message-Authenticator, then set "require_message_authenticator = yes" for each client, and you're secure. You should likely upgrade the NASes eventually, but that can be done as part of normal maintenance processes.
Alan DeKok.
More information about the Freeradius-Users
mailing list