CISSP Study Guide: Access Control Methodologies & Remote Access Authentication Systems

By: Cybrary

December 15, 2022

Remote Authentication Dial-In User Service (RADIUS) and DIAMETER

Remote Authentication Dial-In User Service (RADIUS) is a client/server-based system that supports authentication, authorization, and accounting (AAA) services for remote user access while safeguarding the system from unauthorized access. RADIUS centralizes user administration by keeping a record of all user profiles in one location that all remote services have access to.

To authenticate against a RADIUS server, user credentials are required. That information is encrypted and sent to the RADIUS server in an Access-Request packet. Once the credentials are received, the RADIUS server accepts, rejects, or challenges them. If the credentials are accepted, the RADIUS server sends an Access-Accept packet and the user is authenticated. If the credentials are rejected, the RADIUS server sends an Access-Reject packet. If the information is challenged, the server sends an Access-Challenge packet that requests additional information from the user, which the RADIUS server will use for authentication.

For remote dial-up access, RADIUS also supports callback security where the server will terminate the connection and establish a new connection by dialing a predefined telephone number attached to the user’s modem. Callback security works as an extra layer of protection from unwarranted access over dial-up connections.

Because of the success of RADIUS, DIAMETER was developed. An upgraded version of RADIUS, DIAMETER is designed for use on all methods of remote connectivity in addition to dial-up.

Terminal Access Controller Access Control System

The three versions of Terminal Access Controller Access Control System (TACACS) are:

  1. TACACS
  2. Extended TACACS (XTACACS)
  3. TACACS+

Each version authenticates users and prohibits access to those without a verified username/password pairing.

  • TACACS combines the authentication and authorization functions.
  • XTACACS allows the separation of the authentication, authorization, and auditing functions, giving administrators more discerning control over its deployment.
  • TACACS+ also allows the separation of the authentication, authorization, and auditing functions, and additionally provides two-factor authentication.

The authentication process with TACACS is similar to that of RADIUS, and the two parallel each other in functionality. However, RADIUS follows an Internet standard, and TACACS is a proprietary protocol. This difference has made TACACS less popular than RADIUS.