Improved Security, Reliable Processing, Enhanced Efficiency & Flexible Implementation
Radius Server - Secure Remote Access To Servers
Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.
RADIUS allows a company to maintain user profiles in a centralized database that is usually shared by all connected remote servers. The Radius server provides enhanced security and enables organizations to set up a policy that can be applied at a single administered network point. The benefit of having centralized service is easier tracking of billing, usage and network statistics.
A RADIUS server implements RFC 2865 and RFC 2866 RADIUS authentication and accounting protocols, which are UDP-based protocols. During the RADIUS authentication phase a network client connects to a network access server (NAS) and provides authentication credentials.
Radius Server Protocols
Radius Server implements authentication protocols such as PAP, CHAP, MS-CHAP, PEAP, EAP-TTLS, EAP-TTLS, SIP Digest. It also implements RFC 2865 and RFC 2866 RADIUS authentication and accounting protocols, which are UDP-based protocols.
RADIUS attributes can be added to any RADIUS message and can be used to exchange additional information between the NAS and the RADIUS server. The RADIUS server can pass back to the NAS security policies that the NAS needs to enforce for a particular client. There is a set of standard RADIUS attributes specified in the RADIUS protocol specifications.
In addition to that, many vendors define their own, vendor-specific attributes (VSAs) that can be used to control network equipment originating from a particular vendor. The communications between the NAS and the RADIUS server are protected using a shared secret string (RADIUS secret).
– It allows enhanced reporting and tracking based on client usernames, even more so when tied into an LDAP backend such as Active Directory.
– The Radius server offers high security and data protection which is crucial when connecting to remote servers. The server transmits obfuscated passwords using a shared secret and the MD5 hashing algorithm.
– If you need to de-auth a particular user or device, having RADIUS makes this much easier because you disconnect a single user or device without having to change the key for everyone or allow that potential security risk of that user re-joining the network with the known access key.
– You can assign network permissions such as VLAN, firewall policy (including application permissions), QoS settings, tunneling policies, schedules – everything within a user profile can be dynamically assigned to users based on their identity.
Have a Project or Idea?
Connect with Us