Remote Authentication Dial-In User Server (RADIUS) is a protocol used for authorization and authentication. With the RADIUS server, you can control who can connect to your network and whose access you want to restrict. This server can be installed in all network types, from wireless and VPN to direct and dial-up. Hence, it acts as an intermediate security layer in the communication between servers and clients.
How does it work?
The process begins when the user sends a request to the server for access. The server receives the request, and the authentication process begins.
Authentication process:
The client can send a request either from a mobile VPN or from browser-based HTTPS. In the latter case, the connection takes place through the port, while the VPN connects through IPSec. The request must contain the user's username and password; an Access-Request message is created and sent to the RADIUS Server. To prevent hackers from stealing this data, the password is encrypted in the request, and a RADIUS access secret code is also attached so that the request is not misplaced in the transfer process.
The RADIUS Server also checks whether the request is from a known client-server or not. If it is not, the request is rejected immediately, and if the host device is found to be suspicious, the server usually blocks any further requests from that device. If the client-server is known, the secret code is then checked.
The server also looks at the authentication method requested and whether it is among the allowed methods. If all of the above checks pass, the server proceeds to the authorization process. The server then checks whether the user name and password are correct. This is done by decrypting the password and matching the credentials against those in the database.
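As an added example (not part of the original article), the following Python code walks through the checks described above for PAP, using the User-Password hiding scheme defined in RFC 2865: the client XORs the password with MD5(shared secret + Request Authenticator), and the server looks up the secret for the known client and reverses it, so the secret itself never travels in the packet. The client address, shared secret, user record and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: one known client and one user record.
CLIENTS = {"192.0.2.10": b"constructed-shared-secret"}
USERS = {"alice": b"a-constructed-passphrase-over-16-bytes"}

def _xor_blocks(data: bytes, secret: bytes, authenticator: bytes, decrypt: bool) -> bytes:
    # b1 = MD5(secret + authenticator), b_i = MD5(secret + previous ciphertext block)
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(d ^ k for d, k in zip(data[i:i + 16], key))
        prev = data[i:i + 16] if decrypt else block
        out += block
    return out

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side: build the User-Password attribute value."""
    if not 1 <= len(password) <= 128 or len(authenticator) != 16:
        raise ValueError("password must be 1..128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    return _xor_blocks(padded, secret, authenticator, decrypt=False)

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: invert hide_password with the same shared secret."""
    if not 16 <= len(hidden) <= 128 or len(hidden) % 16 or len(authenticator) != 16:
        raise ValueError("malformed User-Password attribute")
    return _xor_blocks(hidden, secret, authenticator, decrypt=True).rstrip(b"\x00")

def handle_access_request(src_ip: str, user: str, hidden: bytes, authenticator: bytes) -> str:
    secret = CLIENTS.get(src_ip)
    if secret is None:
        return "unknown-client"  # not a configured client: never decrypted
    try:
        password = recover_password(hidden, secret, authenticator)
    except ValueError:
        return "Access-Reject"
    expected = USERS.get(user)
    # Constant-time comparison; a wrong shared secret yields garbage here.
    ok = expected is not None and hmac.compare_digest(password, expected)
    return "Access-Accept" if ok else "Access-Reject"

if __name__ == "__main__":
    ra = os.urandom(16)  # Request Authenticator: fresh and unpredictable per request
    attr = hide_password(USERS["alice"], CLIENTS["192.0.2.10"], ra)
    print(handle_access_request("192.0.2.10", "alice", attr, ra))
    print(handle_access_request("198.51.100.7", "alice", attr, ra))
```

The protection of the password rests entirely on the shared secret and on the Request Authenticator being unpredictable and not reused, which is why a long random secret per client matters.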
Authorization process:
The RADIUS server generally processes Authorization and Authentication at the same time. The server checks whether the user is already in a session or not. This is done by contacting a state server. Once all the processes are completed, the RADIUS server sends a response.
Features of RADIUS Server –
RADIUS supports the following protocols for authentication purposes:
Point-to-Point Protocol - PPP
Challenge Handshake Authentication Protocol - CHAP
Password Authentication Protocol - PAP
Simple UNIX Login
RADIUS Accounting:
The accounting feature of the RADIUS protocol is an interesting feature, as it can be used independently of the RADIUS authentication and authorization process. This feature allows data to be sent during the session. This data normally includes the amount of resources (such as packets, time, bytes, etc.) used during the session. This request is normally referred to as an “Accounting request”.
RADIUS Proxy
A RADIUS server can also act as a proxy client for other RADIUS servers. For example, the RADIUS server receives an authentication or accounting request, and it is passed to another RADIUS server that actually performs the request.
Other features of RADIUS Server:
The server is extensible, and vendors of RADIUS hardware and software can use their local language.
The secret RADIUS server key is never sent over a network.
Final words:
RADIUS Server is a popular choice in today’s market, but it has a rival in the LDAP server. The LDAP server has one protocol for both authorization and authentication, while RADIUS uses two protocols for authorization and authentication. In today’s world, where sensitive information is being shared on the network, it is extremely important that we have a secure protocol process. Therefore, two-factor authentication, i.e., the RADIUS Server, might be very useful unless the LDAP server comes up with some extra security measure.