Smart Access Control Starts with Centralized RADIUS Authentication

By Andrew Erickson

September 22, 2025

Managing who can log into your critical network gear - across hundreds of routers, RTUs, and switches - is a big challenge. Ideally, you would be able to revoke a tech's access instantly, without visiting a single site.

That's what you get with centralized RADIUS authentication. And frankly, it's what your infrastructure demands if you're serious about uptime, security, and operational control.

Hidden Risks Lurk in Device-Level Logins

Most network engineers we talk to know that local logins are a problem. However, they often underestimate just how much risk this creates.

When you're managing a large network - with dozens or hundreds of remote sites - keeping access secure gets exponentially harder if every device maintains its own list of usernames and passwords.

Some issues that can (and often do) arise include:

  • Technicians leaving, but still having access to mission-critical equipment
  • Contractors being granted broad login rights that exceed their scope
  • Shared credentials that are used to simplify access... and destroy accountability
  • Forgetting to remove access from just one device, which is enough for your security perimeter to collapse

Even worse, if you're in a regulated industry - like power utilities under NERC CIP or telcos handling sensitive public infrastructure - this kind of access control failure can get you fined or cause a major security incident.

The bottom line is local login management doesn't scale. It's time-consuming, error-prone, and fundamentally insecure.

Conventional "Fixes" Still Don't Solve the Problem

Most companies try to patch their access control systems over time. Maybe you've done one (or all) of the following:

  • Added basic RADIUS support to a handful of routers
  • Created an internal wiki to track who has access to what
  • Switched from local logins to LDAP but still update devices manually
  • Set up VPN tunnels with hard-coded user lists

These all seem like improvements on paper. But they're still not a single centralized intelligence. That would mean the ability to manage access, log activity, and respond to threats across your entire network from a single interface.

If your access control solution can't do that, it's not solving the root problem - it's just delaying it.

Get Total Access Control in Real Time

What if, instead of worrying about forgotten logins or rogue access, you could:

  • Grant or revoke user access in seconds, across all equipment
  • See exactly who's logging into what, when, and from where
  • Get real-time alerts when login attempts fail or patterns look suspicious
  • Define precise roles that limit access by site, job function, or device type
  • Apply MFA, complex passwords, and login policies automatically
  • Enforce consistency across vendors, devices, and protocols - without truck rolls

That's not a wishlist. It's what centralized RADIUS authentication (done right) can do.

That's precisely why we've added RADIUS support to our NetGuardian RTUs. We want you to have the ability to add them to your overall access management system.

What Makes a Smart RADIUS System "Smart"?

RADIUS (Remote Authentication Dial-In User Service) isn't new. However, modern, smart RADIUS systems go far beyond basic yes/no authentication.

Real access control systems should offer:

1. Live Authentication Logs

Know what's happening right now. See login events in real time, including who accessed what device, from where, and whether they succeeded or failed.

2. Granular Login Policies

Don't give field techs the keys to the entire kingdom. With role-based policies, you can restrict access to only what's necessary - by role, geography, or equipment type.

3. Alerting & Logging

Instant alerts for failed logins, lockouts, or suspicious login patterns help you stop security threats before they escalate.

4. Role-Based Access Control (RBAC)

Only engineers need CLI access to core routers. Contractors don't need access beyond one site. RADIUS lets you enforce these boundaries automatically.

5. Web-Based User Management

Skip the terminal windows. A secure, centralized web GUI makes it easy to manage users, assign roles, and audit activity - whether you're in the NOC or on the road.

The 7 Features Every Industrial RADIUS Server Must Have

1. LDAP & Active Directory Integration

Sync user accounts with your existing directory structure. This gives you:

  • Instant provisioning/deprovisioning
  • Password policy enforcement
  • No more siloed login databases

2. Role-Based Access Control (RBAC)

Fine-grained control of who can log in where:

  • Restrict field techs to specific RTUs
  • Block contractors from config changes beyond the scope of their work - or after their contract with you ends.
  • Assign read-only access where needed

3. Multi-Factor Authentication (MFA)

Two-factor authentication is increasingly mandated - especially for sensitive gear.

Use:

  • Hardware tokens
  • Mobile app authenticators
  • SMS-based codes

MFA drastically reduces the effectiveness of stolen credentials, since the second authentication method is still required...

4. Secure Web GUI

A powerful web interface means easier administration, lower training requirements, and fewer costly errors.

  • Add/remove users
  • Change access levels
  • Monitor logs - all from your browser

5. Encrypted Protocol Support (TLS, SSL, PAP, CHAP)

RADIUS should support secure authentication protocols to protect login data in transit.

  • No plaintext passwords
  • Legacy support where needed
  • TLS/SSL for modern infrastructure
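
How the PAP option above keeps a password from crossing the network in the clear, as an added example (not DPS code and not part of the original article): RFC 2865 hides the User-Password attribute by XORing each 16-byte block with an MD5 digest keyed by the shared secret. The function names and the sample secret, authenticator and password are constructed for illustration.

```python
import hashlib

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side: build the User-Password value (RFC 2865 section 5.2)."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 octets")
    # Pad with NUL octets to a multiple of 16.
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        # The first block is keyed by the authenticator, each later block
        # by the previous hidden block.
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: recover the password using the same shared secret."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if len(hidden) % 16 or not 16 <= len(hidden) <= 128:
        raise ValueError("User-Password must be 16..128 octets, multiple of 16")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, pad))
        prev = block
    return out.rstrip(b"\x00")

# Constructed sample values. A real client draws a fresh, unpredictable
# authenticator for every request; it is fixed here for a repeatable demo.
SECRET = b"constructed-shared-secret"
AUTHENTICATOR = bytes(range(16))
PASSWORD = b"correct horse battery"

if __name__ == "__main__":
    hidden = hide_password(PASSWORD, SECRET, AUTHENTICATOR)
    print(hidden.hex())
    print(reveal_password(hidden, SECRET, AUTHENTICATOR))
```

The shared secret is the only key material in this scheme, so its length and randomness decide how well the password is protected in transit.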

6. Real-Time Logging & Alerting

Security logs should be available live and exportable to your master alarm systems (like T/Mon).

  • Failed login alerts via SNMP or email
  • Access timestamps + source IPs
  • Full audit trail for compliance
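
One way to turn the timestamps, source IPs and results listed above into failed-login alerts, as an added example (not DPS code and not part of the original article). The key=value log format, the field names, the thresholds and the revoked-account list are all assumptions made for this sketch, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical key=value export format.
SAMPLE_LOG = """\
2025-09-22T10:00:01 result=Access-Accept user=alee nas=rtu-site-01 src=10.1.4.10
2025-09-22T10:00:05 result=Access-Reject user=admin nas=rtu-site-02 src=10.9.9.50
2025-09-22T10:00:09 result=Access-Reject user=root nas=rtu-site-02 src=10.9.9.50
2025-09-22T10:00:14 result=Access-Reject user=admin nas=rtu-site-03 src=10.9.9.50
2025-09-22T10:03:00 result=Access-Reject user=alee nas=rtu-site-01 src=10.1.4.10
2025-09-22T10:05:30 result=Access-Reject user=jdoe nas=rtu-site-07 src=10.1.4.31
malformed line with no fields
"""

REVOKED_USERS = {"jdoe"}  # assumption: accounts already disabled centrally

def parse_line(line):
    """Return a dict of fields plus 'ts', or None for an unparseable line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        fields = dict(p.split("=", 1) for p in parts[1:])
    except ValueError:
        return None
    if not {"result", "user", "nas", "src"} <= fields.keys():
        return None
    fields["ts"] = ts
    return fields

def detect(lines, threshold=3, window=timedelta(seconds=60)):
    """Alert on rejects for revoked accounts and on bursts from one source."""
    alerts = []
    recent = defaultdict(deque)  # source IP -> timestamps of recent rejects
    for ev in filter(None, map(parse_line, lines)):
        if ev["result"] != "Access-Reject":
            continue
        if ev["user"] in REVOKED_USERS:
            alerts.append(("revoked-account-attempt", ev["user"], ev["nas"]))
        q = recent[ev["src"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) == threshold:  # fire once when the burst reaches threshold
            alerts.append(("repeated-failures", ev["src"], ev["nas"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```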

7. Broad Device Compatibility

Your RADIUS system must work with:

  • Cisco, Juniper, and other routers
  • SNMP gear
  • Firewalls and VPN concentrators
  • Older devices via TACACS+ fallback

Utilize RTUs with Built-In RADIUS

Here's the good news: If you already use NetGuardian RTUs from DPS, you're almost there.

Every current-generation NetGuardian includes:

  • Native RADIUS client support
  • Hardened proprietary firmware (no Windows headaches)
  • Secure CLI and web GUI logins (via SSH and TLS 1.2)
  • Compatibility with your existing RADIUS infrastructure
  • SNMP/Syslog forwarding to T/Mon or other managers

There's no need for additional hardware. Your access control system is already in place - you just need to activate and configure it.

Work With What You Already Own

NetGuardians with RADIUS also support other open standards, giving you additional compatibility with devices like:

  • SNMP gear from virtually any vendor
  • Legacy RTUs
  • T/Mon master stations for centralized alerting + user authentication

Centralized Management Allows for Instant Updates

Without centralized control, updating user access means logging into dozens of devices, applying changes manually, and hoping you didn't miss one.

With smart RADIUS:

  • Add or remove a user once
  • Apply complex password rules network-wide
  • Enforce multi-factor authentication on critical gear
  • Instantly disable access for a departing employee

RADIUS helps you sleep better knowing there aren't leftover credentials lurking in forgotten devices.

This Isn't an Optional Accessory Anymore

Here's what's happening in the real world:

  • Bad actors target remote access systems first - because they're often underprotected
  • Insider threats (whether intentional or, often, merely accidental) cause costly downtime
  • Compliance audits increasingly focus on login traceability and access control
  • Operational teams are burning time managing logins the hard way

If your current solution doesn't give you visibility, control, and rapid response, it's time for an upgrade.

What Makes DPS Different

Anyone can slap a RADIUS label on a product spec sheet.

At DPS, we've spent the last 30+ years building monitoring systems that secure real infrastructure. We're not an access control company trying to sell into telecom. We're telecom infrastructure people who saw a problem and solved it.

Our NetGuardian RTUs and T/Mon master stations are designed for:

  • Harsh environments
  • Zero-trust security models
  • Multi-vendor compatibility
  • Real-time network control

And our RADIUS implementation reflects that experience.

Let's Talk About Your Access Control Setup

You probably don't have time to research every option out there. You've got sites to maintain and SLAs to hit.

So let me make this easy. Give me a call, and I'll help you:

  • Review your current authentication setup
  • Identify weak points in access control
  • Recommend a step-by-step upgrade path
  • Answer your technical questions in plain English

Whether you're starting from scratch or optimizing an existing system, I'll guide you through it.

Call me at 559-454-1600
Or email: sales@dpstele.com

We'll give you real answers and practical advice.

Andrew Erickson

Andrew Erickson is an Application Engineer at DPS Telecom, a manufacturer of semi-custom remote alarm monitoring systems based in Fresno, California. Andrew brings more than 18 years of experience building site monitoring solutions, developing intuitive user interfaces and documentation, and opt...