RADIUS PROTOCOL

RADIUS and AAA

What is RADIUS?

  • RADIUS ("Remote Authentication Dial In User Service") is a network protocol - a system that defines rules and conventions for communication between network devices - for remote user authentication and accounting. It is commonly used by Internet Service Providers (ISPs), cellular network providers, and corporate and educational networks.
    The RADIUS protocol serves three primary functions:
      • Authenticates users or devices before allowing them access to a network
      • Authorizes those users or devices for specific network services
      • Accounts for and tracks the usage of those services
    
    Benefits:
      1. Open and scalable solutions
      2. Broad support by a large vendor base
      3. Easy modification
      4. Adaptable to most security systems
      5. Workable with any communication device that supports RADIUS client protocol
    
  • RADIUS has been widely accepted by Internet Service Providers (ISPs) to provide Virtual Private Network (VPN) services.

AAA

  • RADIUS is one member of the AAA family of protocols. AAA is an architecture that identifies users (authentication), grants them permission to perform activities (authorization), and accounts for their activities (accounting).

  • Parts: Authentication, Authorization, and Accounting.

  • Examples of AAA protocols: RADIUS, TACACS+ and Diameter.

    Authentication:

      * Who are you?
      * Process of validating the identity of the user.
      * Identifies the user as someone who is allowed to access the network.
    

    Authorization:

      * Process of determining what permissions are granted to the user.
      * You are permitted.
      * Combines information from the NAS and policy of the RADIUS server.
      * Responds to the NAS with instructions detailing which actions are allowed or denied.
      * During the user's network session the policy definition is essentially static. There is no way for the
          user to request policy changes in RADIUS.
    

    Accounting:

      * The amount of system time used, the amount of data sent, or the quantity of data received by the user 
          during a session.
      * NAS periodically sends an accounting of user activity to the server. This accounting is a summary.
    

    Auditing:

      * Proactive analysis of accounting logs and other data.
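
The accounting summary described above, as an added example that is not part of the original post: Python code that validates and decodes a RADIUS Accounting-Request (RFC 2866) and extracts the session time and the data received and sent, which is the record an audit of accounting logs would work from. The shared secret, user name and counter values are constructed sample data.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4  # packet code (RFC 2866)
USER_NAME = 1           # attribute type (RFC 2865)
# RFC 2866 integer attributes mapped to the fields of the usage summary
INT_ATTRS = {40: "status", 42: "octets_in", 43: "octets_out", 46: "seconds"}

def attr(atype, value):
    """Encode one attribute as Type, Length, Value."""
    return bytes([atype, len(value) + 2]) + value

def build_accounting_request(ident, attrs, secret):
    """Build an Accounting-Request with its Request Authenticator."""
    body = b"".join(attrs)
    head = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(body))
    # Authenticator = MD5(Code + ID + Length + 16 zero octets + attrs + secret)
    return head + hashlib.md5(head + bytes(16) + body + secret).digest() + body

def parse_accounting_request(packet, secret):
    """Validate and decode an Accounting-Request; ValueError if it is bad."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("bad code or length")
    packet = packet[:length]  # octets past the declared length are padding
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("authenticator mismatch: wrong secret or altered data")
    record, pos = {"id": ident}, 20
    while pos < length:
        alen = packet[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        atype, value = packet[pos], packet[pos + 2:pos + alen]
        if atype == USER_NAME:
            record["user"] = value.decode("utf-8", "replace")
        elif atype in INT_ATTRS and len(value) == 4:
            record[INT_ATTRS[atype]] = struct.unpack("!I", value)[0]
        pos += alen
    return record

SECRET = b"constructed-secret"  # constructed sample values, not real data
SAMPLE = build_accounting_request(7, [  # Stop record (Acct-Status-Type 2)
    attr(USER_NAME, b"alice"), attr(40, struct.pack("!I", 2)),
    attr(46, struct.pack("!I", 3600)), attr(42, struct.pack("!I", 1048576)),
    attr(43, struct.pack("!I", 5242880))], SECRET)
print(parse_accounting_request(SAMPLE, SECRET))
```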
    
