
2.1.3  RADIUS

Remote Authentication Dial In User Service, or RADIUS, is the de facto standard client/server protocol for authenticating and authorizing users who connect to a network to access its resources, using a centralized database. If you use a dial-up ISP, it’s highly likely that RADIUS is used to validate your logon information when you connect.

You can think of it as protecting the “radius” of a network by not letting in those who are unauthorized to be there. Its client/server architecture allows centralized administration of a user database, even if users’ locations may span an entire organization, town, state, country, etc. Being the de-facto standard, as specified in RFC 2865, the RADIUS protocol is supported by just about every device out there, new and legacy.

In general, the way RADIUS based authentication works is:

  • A user dials in (via modem, DSL, etc.) as a client to a remote access server, and provides credentials (user/password) in response to the remote access server’s request

  • The remote access server (itself a client to a RADIUS server) communicates the credentials to the RADIUS server, after encrypting them by computing an MD5 hash (see chapter 4) using a “secret” shared between client and server (this is an example of one way in which credentials are communicated)

  • The RADIUS server uses a user/password database or perhaps integration with a network-based authentication system like Windows passwords or LDAP to validate the password, and returns the results to the remote access server

  • The remote access server then accepts or denies the connection

More info on how RADIUS works can be found in the footnote [144]. It is regarded by many as providing more security during remote access user authentication than its main competitors, LDAP and TACACS+ [145].

RADIUS

RADIUS is a client/server protocol that authenticates users connecting to a network, usually by consulting a centralized database of users. RADIUS is a widely supported and popular authentication protocol, which many users consider to provide better authentication security than its main alternatives, TACACS+ and unencrypted LDAP alone.


RADIUS Performance

Recent scalability and performance advancements have included “Distributed RADIUS”, in which multiple tiers of RADIUS servers are connected together, and “forward authentication”, in which requests go up the RADIUS server tree via a proxy RADIUS protocol.


Figure 18: Security Databases are centralized in RADIUS.

 



 __________________

144. http://www.cisco.com/warp/public/707/32.html

145. Hill, Joshua, “An Analysis of the RADIUS Authentication Protocol,” http://www.untruth.org/~josh/security/radius/radius-auth.html


CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.