by
Rikish Dattani , Network Security Consultant , European IT Multinational Company
RADIUS - Remote authentication Dial-In User Services is a predominant protocol used by almost all the security appliances, routers and switches for implementing AAA - Authentication, Authorization and Accounting to enhance the security of the network.
Radius is a open/RFC standard protocol and it uses UDP as transport protocol. Radius uses unidirectional challenge and response system between AAA server and security appliances/routers/switches. It encrypts only the password and entire packet is not encrypted. It works in both local and roaming situations and is commonly used for extensive accounting functionality. It supports remote-access technologies,802.1x and session initiation protocol. It is widely used by VoIP service providers for providing authentication and authorization on the network devices.
Radius can be used to communicate between security appliances/routers/switches and AAA servers. Radius combines the authentication and authorization process but separates accounting.
When any client wants the access on the routers/security appliances/switches, AAA configured on these devices would ask the user name and password from the client. Once the username and password is supplied by the client then those credentials sent to configured Radius server using radius protocol. Radius server then checks those credentials and provides authentication and authorization to the clients. This way Radius server provides security for network infrastructure.
by
MOHAMMAD E , ICT Consultant -Sr. IT Network and Security Engineer (outsourcing / Freelancer) , SCC , Outsourcing
First of all we should know how Radius Server work?
It Depends mainly on AAA and the meaning of AAA is :
Authentication Authorization and Accounting
So we should apply each term through the operation of securing using Radius server
Radius server can be installed and configured on Microsoft server or Linux server and there are many devices which support that protocol.
I will give an example about that in the next answer
Radius server give attributes like VLAN,IP address after authentication/authorization and it also support EAP/TLS for801.x for encryption mainly used in wireless. It can also be integrated with Active Directory.