RADIUS: Provides AAA (Authentication, Authorization and Accounting) services for a remote access server. The separation of a remote access server and a RADIUS (user authentication) server allows:
1) The RADIUS client and server to support different OS and hardware architectures
2) The RADIUS client and server to be geographically separated
3) Secure user accounts, by ensuring the accounts are located on servers within the private network and are not directly exposed to the network
4) Encryption of authentication traffic between the RADIUS client and the RADIUS server using IPsec
5) Outsourcing of dial-up remote access to a third-party organization
The remote access client connectivity provided by the RADIUS client allows remote access users to:
1) Use a variety of authentication protocols: CHAP, MS-CHAP or clear text authentication
2) Use a variety of encryption algorithms, such as Microsoft Point-to-Point Encryption (MPPE) or Data Encryption Standard (DES)
3) Connect with a variety of protocol suites such as TCP/IP or IPX/SPX
4) Connect with a variety of technologies such as DSL, ISDN, or dial-up
Remote user accounting records the following:
1) Length of time user is connected
2) Remote user authentication success or failure
3) Situations when the RADIUS server is unable to authenticate a RADIUS client
The purpose of having RADIUS clients and servers is to centralize and secure authentication for remote users. To thwart an attempt to impersonate a RADIUS client, the admin sets a shared secret during the configuration of RADIUS. Both the client and the server know it, and it is never sent over the network; the service uses a hashing system to verify the shared secret.
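A sketch of the hash check described above, added as an example and not taken from the original notes. The notes do not name the mechanism, so this assumes the Message-Authenticator attribute (type 80, RFC 2869), an HMAC-MD5 over the whole Access-Request keyed with the shared secret. The function names, the secret and the User-Name value are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
MESSAGE_AUTHENTICATOR = 80  # attribute type, RFC 2869 section 5.14


def build_request(secret: bytes, ident: int, attrs: bytes) -> bytes:
    """Client side: Access-Request signed with HMAC-MD5 keyed by the secret."""
    req_auth = os.urandom(16)                      # random Request Authenticator
    placeholder = bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    length = 20 + len(attrs) + len(placeholder)
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, length) + req_auth
    mac = hmac.new(secret, header + attrs + placeholder, hashlib.md5).digest()
    return header + attrs + bytes([MESSAGE_AUTHENTICATOR, 18]) + mac


def verify_request(secret: bytes, packet: bytes) -> bool:
    """Server side: recompute the HMAC with the locally stored secret."""
    if len(packet) < 20:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or not 20 <= length <= len(packet):
        return False
    packet = packet[:length]                       # octets past Length are padding
    pos, received, zeroed = 20, None, bytearray(packet)
    while pos < length:                            # walk type-length-value attributes
        if pos + 2 > length:
            return False
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            return False                           # malformed attribute
        if atype == MESSAGE_AUTHENTICATOR:
            if alen != 18 or received is not None:
                return False
            received = packet[pos + 2:pos + 18]
            zeroed[pos + 2:pos + 18] = bytes(16)   # field is all zeros while hashing
        pos += alen
    if received is None:
        return False                               # unsigned request: reject
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    return hmac.compare_digest(received, expected)


# Constructed sample attribute: User-Name (type 1) carrying "alice"
USER_NAME = bytes([1, 7]) + b"alice"
```

Only the 16-byte digest crosses the network, so a device that does not hold the secret cannot produce a request the server accepts, and any change to the packet in transit invalidates the digest.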