What are the Differences Between Classic RADIUS and RadSec?
Why are There Different Types of RADIUS?
Classic RADIUS
Classic RADIUS was introduced in the early 1990s as a protocol for managing network access. It uses UDP (User Datagram Protocol) for communication, which is fast but lacks built-in security features. As networks grew and started to span untrusted environments like the internet, the need for a more secure version of RADIUS became apparent. This led to the development of RadSec, which uses TCP (Transmission Control Protocol) and TLS (Transport Layer Security) to provide encrypted communication.
RadSec
RadSec began to see adoption in the 2000s, particularly in scenarios where RADIUS traffic needed to traverse untrusted networks. By leveraging TLS, RadSec ensures that all RADIUS messages are encrypted, protecting sensitive information from interception and tampering. Since its introduction, RadSec has gained traction in environments that prioritize security, such as large enterprises and service providers. However, it’s not supported on all RADIUS devices, especially in legacy environments. It also requires additional setup since TLS certificates must be managed on both the RADIUS server and clients.
How Do I Choose Between Classic RADIUS and RadSec?
When deciding between Classic RADIUS and RadSec, consider the following factors:
- Security Requirements: If your RADIUS traffic will traverse untrusted networks, RadSec is the better choice due to its encryption capabilities. For internal networks where security risks are lower, Classic RADIUS may suffice.
- Compatibility: Ensure that your RADIUS clients and servers support the chosen protocol. Classic RADIUS is widely supported, while RadSec may not be available on all devices.
- Performance: Classic RADIUS, using UDP, may offer lower latency in high-throughput environments. RadSec’s use of TCP and TLS introduces some overhead, which could impact performance in very high-traffic scenarios.
- Complexity: RadSec requires managing TLS certificates, which adds complexity to the setup and maintenance of your RADIUS infrastructure. Classic RADIUS is simpler to implement but lacks the security features of RadSec.
At a Glance: Classic RADIUS vs RadSec
| Feature | Classic RADIUS | RadSec |
|---|---|---|
| Transport Protocol | UDP (User Datagram Protocol) | TCP (Transmission Control Protocol) |
| Ports | 1812 (Authentication), 1813 (Accounting) | 2083 |
| Security | Limited security; only the password is hashed | Encrypted communication using TLS (Transport Layer Security) |
| Use Cases | Internal networks, legacy systems | Untrusted networks, high-security environments |
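
The Security row above says that in Classic RADIUS only the password is hashed. The following added example (not part of the original page) builds and parses an Access-Request following RFC 2865 to show what that means on the wire: User-Name and NAS-IP-Address are readable by anyone on the path, while User-Password is hidden with an MD5 chain keyed by the shared secret. The user, password, secret and address are constructed sample values.

```python
import hashlib
import os
import struct

USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4  # RFC 2865 attribute types
# Constructed sample values, not from any real deployment.
SAMPLE = dict(user=b"alice@example.org", password=b"correct horse battery",
              secret=b"constructed-shared-secret", nas_ip=bytes([192, 0, 2, 10]))

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(16, -(-len(password) // 16) * 16)  # pad with NULs to a multiple of 16
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the RADIUS server does: reverse the chain using the shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(user, password, secret, nas_ip, authenticator=None):
    """Serialize an Access-Request (code 1) as it would be sent over UDP/1812."""
    authenticator = authenticator or os.urandom(16)
    fields = ((USER_NAME, user), (NAS_IP_ADDRESS, nas_ip),
              (USER_PASSWORD, hide_password(password, secret, authenticator)))
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in fields)
    return struct.pack("!BBH", 1, 1, 20 + len(attrs)) + authenticator + attrs

def parse_packet(datagram: bytes):
    """Parse header and attributes with no secret, as any on-path observer could."""
    length = struct.unpack("!H", datagram[2:4])[0] if len(datagram) >= 20 else 0
    if not 20 <= length <= len(datagram):
        raise ValueError("truncated packet or bad length field")
    attrs, pos = {}, 20
    while pos < length:
        alen = datagram[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs[datagram[pos]] = datagram[pos + 2:pos + alen]
        pos += alen
    return datagram[0], datagram[4:20], attrs
```

With RadSec the same packet bytes travel inside the TLS session on TCP 2083, so neither the header nor any attribute is visible to an observer.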