Complete a 250-400-word description of the purpose of a RADIUS server and how RADIUS accomplishes authentication and authorization of remote connections.
RADIUS stands for Remote Authentication Dial-in Service.
A protocol is a set of rules that defines the mode of communication or operation. The RADIUS protocol is used in computer networking and comes with the three A's (AAA).
The centralized AAA capabilities of a RADIUS server are a great advantage, offering heightened security and better efficiency. They provide the ability to preserve the privacy and security of both the system and each individual user.
RADIUS is a client/server protocol running in the application layer and uses either TCP or UDP for transport. Network access servers, which are the gateways that control access to a network, usually contain a RADIUS client component that communicates with the RADIUS server.
RADIUS uses two packet types to manage the full AAA process:
A RADIUS server utilizes a central database to authenticate remote users. RADIUS functions as a client-server protocol, authenticating each user with a unique encryption key when access is granted.
Given below is how the RADIUS server works:
Initially the user initiates authentication to the network access server (NAS).
The network access server then requests either a username and password or a challenge (CHAP, PAP and EAP are the authentication schemes).
The user replies.
Upon receiving the user’s reply, the RADIUS client sends the username and the uniquely encrypted password to the RADIUS server.
The RADIUS server accepts or rejects the user.
The above steps can be explained in detail:
The user sends a request to a Network Access Server (NAS) to gain access to a particular network resource using access credentials. The NAS then sends a RADIUS Access Request message to the RADIUS server, requesting authorization to grant the access. This request includes access credentials in the form of a username and password. The RADIUS server verifies that the information is correct using authentication schemes such as PAP, CHAP or EAP. It then returns one of three responses to the NAS: 1) Access Reject, 2) Access Challenge, or 3) Access Accept.
Access Reject: The user is unconditionally denied.
Access Challenge: Requests additional information from the user.
Access Accept: The user is granted access.
After authentication, the RADIUS server will often check that the user is authorized to use the network service requested.
These RADIUS responses may include a Reply-Message attribute that gives the reason for the rejection, the prompt for the challenge, or a welcome message for the accept. The text in the attribute can be passed on to the user in a return web page.
After access is granted to the user, an 'Accounting Start' is sent by the NAS to the RADIUS server to signal the start of the user's network access. Finally, when the user's network access is closed, the NAS issues a final 'Accounting Stop' record to the RADIUS server. The client sends Accounting-Request packets until it receives an Accounting-Response acknowledgement.
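The Access Request and Access Accept/Reject exchange described above, as an added example that is not part of the original answer. It follows the RFC 2865 packet layout for a PAP-style request, showing how the password is hidden with the shared secret and how the NAS checks that the reply really came from the server. The function names, user table and Reply-Message texts are constructed for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, REPLY_MESSAGE = 1, 2, 18       # RFC 2865 attribute types

def xor_blocks(data, secret, req_auth, hiding):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous cipher block)."""
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = data[i:i + 16]
        res = bytes(a ^ b for a, b in zip(block, pad))
        out, prev = out + res, (res if hiding else block)
    return out

def attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_request(ident, user, password, secret):
    req_auth = os.urandom(16)  # fresh random Request Authenticator per request
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, xor_blocks(padded, secret, req_auth, True))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def parse_attrs(packet):
    attrs, i = {}, 20  # attributes start after the 20-byte header
    while i < len(packet):
        length = packet[i + 1] if i + 1 < len(packet) else 0
        if length < 2 or i + length > len(packet):
            raise ValueError("malformed attribute")
        attrs[packet[i]] = packet[i + 2:i + length]
        i += length
    return attrs

def server_reply(request, secret, users):
    """Server side: recover the password, check it, sign the reply."""
    req_auth, a = request[4:20], parse_attrs(request)
    password = xor_blocks(a[USER_PASSWORD], secret, req_auth, False).rstrip(b"\x00")
    expected = users.get(a[USER_NAME])
    ok = expected is not None and hmac.compare_digest(expected, password)
    code, msg = (ACCESS_ACCEPT, b"Welcome") if ok else (ACCESS_REJECT, b"Invalid credentials")
    attrs = attr(REPLY_MESSAGE, msg)
    head = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    return head + hashlib.md5(head + req_auth + attrs + secret).digest() + attrs

def verify_reply(reply, request, secret):
    """NAS side: return the reply code, or None if the Response Authenticator is wrong."""
    expect = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    same_id = reply[1] == request[1]
    return reply[0] if same_id and hmac.compare_digest(expect, reply[4:20]) else None
```

The password protection here is MD5-based obfuscation keyed by the shared secret, so the strength of that secret and the network path between NAS and server both matter.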