|Like this CertiGuide? Get it in PDF format!|
Use coupon code "certiguide" to save 20%!
|Also available: 300-question Security+ practice test!|
|Get It Here!|
Remote Authentication Dial In User
Service, or RADIUS, is the de-facto standard client/server protocol
that authenticates and authorizes users connecting to a network, to
access the networks resources, utilizing a centralized database.
If you use a dial-up ISP, its highly likely that RADIUS is
used to validate your logon information when you connect.
You can think of it as protecting
the radius of a network by not letting in those who are
unauthorized to be there. Its client/server architecture allows centralized
administration of a user database, even if users locations may
span an entire organization, town, state, country, etc. Being the de-facto
standard, as specified in RFC 2865, the RADIUS protocol is supported
by just about every device out there, new and legacy.
In general, the way RADIUS based
authentication works is:
- A user dials in (via modem, DSL, etc.) as a client
to a remote access server, and provides credentials (user/password)
in response to the remote access servers request
- The remote access server (itself a client to
a RADIUS server) communicates the credentials to the RADIUS server,
after encrypting it by computing an MD5 hash (see chapter 4) of it using
a secret shared between client and server (this is an example
of one way in which credentials are communicated)
- The RADIUS server uses a user/password database
or perhaps integration with a network-based authentication system like
Windows passwords or LDAP to validate the password, and returns the
results to the remote access server
- The remote access server then accepts or denies
More info on how RADIUS works can
be found in the footnote144. It is regarded by many as providing more security
during remote access user authentication than its main competitors,
LDAP and TACACS+.145
RADIUS is a client/server protocol that authenticates users connecting to a network, usually by consulting a centralized database of users. RADIUS is a widely supported and popular authentication protocol, which many users consider providing better authentication security than its main alternatives, TACACS+ and unencrypted LDAP alone.
Recent scalability and performance advancements have included Distributed RADIUS in which multiple tiers of RADIUS servers are connected together and forward authentication in which requests goes up the RADIUS server tree via a proxy RADIUS protocol.
Figure 18: Security Databases are centralized in RADIUS.
145. Hill, Joshua, An Analysis of the RADIUS Authentication Protocol, http://www.untruth.org/~josh/security/radius/radius-auth.html
|If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!|
Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.