Remote Authentication Dial-In User Service (RADIUS) and DIAMETER

Remote Authentication Dial-In User Service (RADIUS) is a client/server-based system that supports authentication, authorization, and accounting (AAA) services for remote user access while safeguarding the system from unauthorized access. RADIUS centralizes user administration by keeping a record of all user profiles in one location that all remote services have access to.

To be validated by a RADIUS server, a user must supply credentials. That information is encrypted and sent to the RADIUS server in an Access-Request packet. Once the credentials are received, the RADIUS server accepts, rejects, or challenges them. If the credentials are accepted, the RADIUS server sends an Access-Accept packet and the user is authenticated. If the credentials are rejected, the RADIUS server sends an Access-Reject packet. If the information is challenged, the server sends an Access-Challenge packet requesting additional information from the user, which the RADIUS server will use for authentication.
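The exchange described above, as an added example that is not part of the original page: it follows RFC 2865, where the User-Password attribute is hidden with an MD5 keystream derived from a secret shared by client and server, and each reply carries a Response Authenticator the client must verify before trusting an Access-Accept. The function names, shared secret, and credentials are constructed for illustration.

```python
import hashlib, hmac, os, struct

# Packet codes and attribute types defined in RFC 2865.
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
USER_NAME, USER_PASSWORD = 1, 2

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16, minimum 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", req_auth                       # first block is keyed by the Request Authenticator
    for i in range(0, size, 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def attr(atype: int, value: bytes) -> bytes:
    """Encode one attribute as type, length (including the 2-byte header), value."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def build_access_request(ident: int, user: bytes, password: bytes, secret: bytes) -> bytes:
    """Client side: Access-Request with a random 16-byte Request Authenticator."""
    req_auth = os.urandom(16)
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def build_reply(code: int, request: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    """Server side: reply whose authenticator binds it to the request and the shared secret."""
    head = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    return head + hashlib.md5(head + request[4:20] + attrs + secret).digest() + attrs

def check_reply(reply: bytes, request: bytes, secret: bytes) -> str:
    """Client side: return the reply type, or raise if the reply is not authentic."""
    if len(reply) < 20:
        raise ValueError("reply shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply) or ident != request[1]:
        raise ValueError("length or identifier mismatch")
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        raise ValueError("bad Response Authenticator")
    return CODES.get(code, "unknown")

if __name__ == "__main__":
    secret = b"constructed-shared-secret"           # constructed sample values
    req = build_access_request(7, b"alice", b"correct horse", secret)
    print(check_reply(build_reply(11, req, secret), req, secret))
```

Only the password attribute is hidden in this scheme; the user name and the rest of the packet travel in the clear, and a reply that fails `check_reply` should be discarded rather than acted on.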

For remote dial-up access, RADIUS also supports callback security, where the server terminates the connection and establishes a new one by dialing a predefined telephone number attached to the user’s modem. Callback security works as an extra layer of protection from unwarranted access over dial-up connections.

Because of the success of RADIUS, DIAMETER was developed. An upgraded version of RADIUS, DIAMETER is designed for use on all methods of remote connectivity in addition to dial-up.

Terminal Access Controller Access Control System

The three versions of Terminal Access Controller Access Control System (TACACS) are:

  1. TACACS
  2. Extended TACACS (XTACACS)
  3. TACACS+

Each version authenticates users and prohibits access to those without a verified username/password pairing.

  • TACACS combines the authentication and authorization functions.
  • XTACACS allows the separation of the authentication, authorization, and auditing functions, giving administrators more discerning control over its deployment.
  • TACACS+ also allows the authentication, authorization, and auditing functions to be separated, and additionally provides two-factor authentication.

The authentication process with TACACS is similar to that of RADIUS, and the two are comparable in functionality. However, RADIUS follows an Internet standard, while TACACS is a proprietary protocol. This difference has made TACACS less popular than RADIUS.
