Well-Maintained and Secured Servers

Green Rocket Security understands that GreenRADIUS servers are to be deployed into exposed environments. This means the servers must be hardened against potential attacks. As a security vendor, Green Rocket Security continually monitors both vulnerability reports and the latest techniques in system hardening, providing updates to our customers to ensure their systems are as secure as possible.

Firewall Configurations

GreenRADIUS uses the following ports for administration of the system and for authentication attempts:

PORT: 22

ssh for remote administration

PORT: 443

Access to the web admin interface over SSL

PORT: 1812 UDP

RADIUS authentication

PORT: 9443

for Windows Logon and mobile app deployments

Note that when LDAP or LDAPS is configured, only the specifically configured port is needed: port
389 for LDAP
and port 636 for LDAPS.

SSH Configuration

To minimize the potential for access to GreenRADIUS through ssh, OpenSSH is configured by default to only accept connections from the local network. This can be updated to meet customer needs, but a “secure by default” configuration is provided.

GreenRADIUS Services

The following services make up the functionality of GreenRADIUS:

  • Apache - Web server for administration
  • FreeRADIUS - RADIUS Server
  • PostgreSQL - Database for the server
  • OpenLDAP - Local LDAP server (if needed)
  • Webmin & miniserv - Webmin server for management
  • OpenSSH - ssh server

GreenRADIUS 2FA Administrator Authentication

GreenRADIUS fully supports using 2FA for admin access to its services, both to the web interface and command line.