Uploaded by jhansi.paleti

RADIUS

Remote Authentication Dial-In User Service

Remote Authentication Dial-In User Service (RADIUS) is a
networking protocol that authorizes, authenticates and
accounts for users who access a remote and local network’s

RADIUS is an important tool for managing network access
because it can prevent unauthorized users—and attackers—from
infiltrating your network.

It is commonly used to connect embedded routers, modem
servers, software, and wireless apps.
RADIUS Services
• Authentication: Identifies remote users and controls which users
can access the network.
• Authorization: Defines what each user can do by controlling
access to network resources.
• Accounting: RADIUS accounting functions allow data to be sent at
the start and end of sessions, indicating the amount of resources
(such as time, packets, bytes, and so on) used during the session.
Radius Authentication Process

A user sends a request to the Client; the request carries the user’s credentials.
This may include the user’s network address, username, and password.

The Client forwards an Authentication Request Packet to the RADIUS Server,
containing user identification, encrypted password, and Client identification.

The RADIUS Server validates the user and sends the Client an
Authentication Acknowledgement packet containing user
configuration and either
1) Access-Accept: Specifying what network services and
privileges the RAS should provide to the user, or
2) Access-Reject: Denying the Authentication Request
3) Access-Challenge: Sent by the RADIUS server requesting
more information in order to allow access. The NAS, after
communicating with the user, responds with another
Access-Request.
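
The request and reply described above, as an added example that is not part of the original slides: it builds an Access-Request whose User-Password is hidden as RFC 2865 section 5.2 specifies (MD5 keyed with the shared secret and the Request Authenticator), has a server answer Access-Accept or Access-Reject, and has the client verify the Response Authenticator. Function names, the user, the NAS identifier and the shared secret are constructed for illustration.

```python
import hashlib, hmac, os, struct
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, NAS_IDENTIFIER = 1, 2, 32      # RFC 2865 attribute types

def _xor_blocks(data, secret, req_auth, hiding):
    # Block i is XORed with MD5(secret + previous hidden block), seeded with req_auth.
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        mixed = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        out, prev = out + mixed, (mixed if hiding else block)
    return out

def hide_password(password, secret, req_auth):
    size = max(16, -(-len(password) // 16) * 16)          # null-pad to a 16-byte multiple
    return _xor_blocks(password.ljust(size, b"\x00"), secret, req_auth, True)
def recover_password(hidden, secret, req_auth):
    return _xor_blocks(hidden, secret, req_auth, False).rstrip(b"\x00")
def attr(kind, value):
    return bytes([kind, len(value) + 2]) + value          # Type, Length, Value

def build_access_request(ident, user, password, nas_id, secret):
    req_auth = os.urandom(16)                             # fresh Request Authenticator
    hidden = hide_password(password, secret, req_auth)
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, hidden) + attr(NAS_IDENTIFIER, nas_id)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def parse_attrs(packet):
    length = int.from_bytes(packet[2:4], "big")
    if length != len(packet) or length < 20:
        raise ValueError("length field does not match packet")
    attrs, i = {}, 20
    while i < length:
        if i + 2 > length or packet[i + 1] < 2 or i + packet[i + 1] > length:
            raise ValueError("malformed attribute")
        attrs[packet[i]] = packet[i + 2:i + packet[i + 1]]
        i += packet[i + 1]
    return attrs

def server_reply(request, secret, users):
    attrs, req_auth = parse_attrs(request), request[4:20]
    given = recover_password(attrs.get(USER_PASSWORD, b""), secret, req_auth)
    known = users.get(attrs.get(USER_NAME))
    ok = known is not None and hmac.compare_digest(given, known)
    head = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, request[1], 20)
    return head + hashlib.md5(head + req_auth + secret).digest()   # Response Authenticator

def client_accepts(response, request, secret):
    want = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(response[4:20], want) and response[0] == ACCESS_ACCEPT
```

Because the Response Authenticator covers the reply code and the shared secret, a reply whose code is altered in transit fails the client's check.
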
Password Authentication protocols

For password authentication, different protocols are used, for
example PAP and CHAP.

PAP (Password Authentication Protocol) is used by PPP links to
validate users. PAP authentication requires the calling device to
enter the username and password. If the credentials match the
local database of the called device or the remote AAA
database, access is allowed; otherwise it is denied.

CHAP is a more secure method of authentication than PAP. It
eliminates the process of sending clear-text passwords and
instead utilizes encryption to mask the information being
transferred.
Uses

Used to secure many university networks that provide dial-in IP
connectivity to students and faculty.

Used by many Internet service providers to provide security to users
accessing their networks from multiple POPs (Points Of Presence)