Network administrators need a way to guard
their modems against break-ins. When a modem is reachable, the network becomes
vulnerable to security problems.
Since modem pools are by definition a link
to the outside world, they require careful attention to security, authorization and
accounting. The strategy for verifying the identity of, granting access to, and
tracking the actions of remote users is known as authentication, authorization,
and accounting (AAA).
RADIUS supplies an open protocol that
interfaces with networks that have large modem pools, while increasing
security and preventing people from abusing the network.
Livingston Enterprises developed a
distributed security solution called Remote Authentication Dial-In User Service, or RADIUS, which defines a protocol that
addresses the security requirements of remote computing. This solution is
implemented at the software level, and does not require any hardware. Distributed security
separates authentication and authorization from the user's communication process, which allows a unique and central location
for the user's authentication data.
Based on a model of distributed security previously defined by the Internet
Engineering Task Force (IETF), RADIUS provides an open and scalable
client/server security system. Any server or network hardware that supports
RADIUS client protocols can communicate with a RADIUS server. RADIUS can
support different kinds of networks and users.
The user connects to a server through a modem
pool and, once the connection is made, the server prompts the user for his
name and password. The RADIUS client receives the details from the user and
encrypts his password. The authentication request is then received by
the RADIUS server, which validates the request and decrypts the data. The
user's name and password are sent for verification by the security system,
and then (if the data is correct) the server sends an Authentication
Acknowledgment, which includes data about the user's network system and service
requirements. The authentication process limits specific users to the
specific network resources they are allowed to use.
Once all the information is received by the
server, the user will receive network services that are customized for his
needs.
While the user is connected to the server,
the RADIUS client will send the server accounting data, which is used for billing.