The RADIUS (Remote Authentication Dial-In Service) protocol is a client-server networking protocol that facilitates communication between a central server and individual users who want to gain access to the server.
Essentially, RADIUS allows remote access servers to communicate with the central server to authenticate and authorize remote user access. With RADIUS, companies can store user profiles in a central database that can be shared across all remote servers.
How does RADIUS work?
RADIUS works based on a client/server model. Users connect to a RADIUS client, which is a network access server (NAS). The NAS then verifies the user’s information through the RADIUS authentication server. The connection information can include details such as a username, a password, and an IP address.
In complex or geographically spread out networks, a RADIUS proxy client can be used to forward authentication requests to other RADIUS servers.
There are a few types of remote user access authentication servers:
- Virtual private network servers: These accept requests from users and facilitate secure connections to private networks.
- Wireless access points: Wireless access points accept requests from wireless clients and facilitate access to a network
- Managed network access switches: These implement the 802.1x authenticate access protocol
After authentication, the RADIUS server also verifies the level of access a user has. This ensures that only authorized persons have access to a company’s data. In addition to authentication, RADIUS can also report the volume of resources used during a session, which can be useful for billing purposes. Resource utilization is valuable for managed service providers (MSPs).
RADIUS authentication methods
After a user provides their login credentials, the RADIUS server uses one of the following authentication methods:
- Password Authentication Protocol (PAP): This relies on a RADIUS client forwarding a user ID and password to the RADIUS authentication server. If the credentials prove to be correct, the client allows the remote user’s connection.
- Challenge Handshake Authentication Protocol (CHAP): This protocol relies on the sharing of an encrypted secret between the client and server. It is considered more secure than the PAP.
- MS-CHAP: This is Microsoft’s version of CHAP. It is used with VPNs.
- Extensible Authentication Protocol (EAP): This is typically used with wireless networks and point-to-point connections.
How is RADIUS used?
RADIUS is often used in situations where a remote worker needs to access a company’s network and data centers. It ensures that only authenticated, authorized users are granted access with minimal disruptions to the employee’s productivity.
Additionally, RADIUS is an important part of the zero trust security framework in which all users are assumed to be a threat. RADIUS is fundamental to the authentication and authorization elements that consistently verify a user’s identity and permissions.
RADIUS provides a central platform for user and system authentication, which makes managing user access a much easier task. The centralized nature of RADIUS also makes it easy for multiple IT administrators to manage the same network.
Plus, the fact that each user has unique credentials in a RADIUS environment eliminates the need for routine password updates. This minimizes the vulnerabilities associated with traditional password security.
Perhaps most importantly, RADIUS prevents attackers from successfully intercepting a valid user’s network connection. Network administrators can verify that every connected user is who they say they are and has the right access privileges to do their job.
RADIUS is typically implemented on-premise, which can make it difficult and time-consuming to set up and maintain. However, there are cloud-based options that can make implementation and maintenance easier.
Additionally, there are many different configuration options that can make it difficult to set up a new RADIUS server and integrate it into an existing environment. These roadblocks can inhibit efficiency and productivity.
The volume of RADIUS solutions on the market can be overwhelming, too. Selecting the right RADIUS server can be a tedious endeavor that involves evaluating the organization’s needs and comparing potential solutions to find the one that will work best.
Our list of the Best Low-Cost RADIUS Servers can provide a valuable starting point in the buying process.