"The first place to start is to secure the system being used for
the RADIUS server. There are various techniques to use for this,
but at the most basic level you should dedicate a single server to
the task. This limits the exposure of the RADIUS server and insures
that vulnerabilities in other services running on the system do not
lead to the RADIUS server being compromised."