This section discusses centralized access control administration and its advantages and disadvantages. We then explore the RADIUS (Remote Authentication Dial-In User Service) standard, which is one type of centralized access control administration. We also look at how RADIUS has evolved from the early days of dial-up usage.

Centralized access control administration provides an easier method of control and administration along with enhanced security. An example of this in action is the use of a domain to handle backups to a central server. The disadvantages of such a method are decreased granularity and less flexibility in aligning business objectives with access control management. Solutions that provide an acceptable compromise combine both a centralized and a decentralized implementation in a hybrid solution.

Next, we discuss RADIUS and how it handles centralized access control administration. Originally designed for use with remote access servers, RADIUS simplifies administration by replicating access control policies to a server. This has since evolved from supporting dial-in clients to use with VPN, Wi-Fi, switches, UDP, TCP, and more. RADIUS follows the 802.1X standard, which consists of three elements: the supplicant, the authenticator, and a central authentication server. It's an open standard which has been around for a while and has a great deal of support. One of its weaknesses, however, is that it doesn't provide strong encryption during the initial handshake phase. It is then noted that EAP over LAN (Ethernet) is more commonly used with RADIUS to mitigate this shortcoming.

We conclude by discussing PAP and its replacement, CHAP. CHAP has the security advantage of using a password-driven challenge/response sequence for authentication. Finally, it's noted that these last two protocols are not hugely testable, but you should be aware that they are important for controlling network access.
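
The PAP versus CHAP contrast described above, as an added example that is not part of the original lesson: a minimal sketch of the CHAP challenge/response, where the response is the MD5 hash of the identifier, shared secret and challenge (the RFC 1994 calculation). The class and function names, the simplified PAP framing and the sample secret are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response per RFC 1994: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def pap_request(user: bytes, password: bytes) -> bytes:
    """Simplified PAP framing (assumption): the password itself goes on the wire."""
    return user + b"\x00" + password


class Authenticator:
    """Hypothetical authenticator that shares a secret with the peer."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._next_id = 0
        self._pending = {}  # identifier -> outstanding challenge

    def challenge(self):
        ident = self._next_id
        self._next_id = (self._next_id + 1) % 256
        chal = os.urandom(16)  # fresh and unpredictable for every attempt
        self._pending[ident] = chal
        return ident, chal

    def verify(self, identifier: int, response: bytes) -> bool:
        chal = self._pending.pop(identifier, None)  # each challenge is single use
        if chal is None:
            return False
        expected = chap_response(identifier, self._secret, chal)
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    secret = b"constructed-shared-secret"  # constructed sample value
    auth = Authenticator(secret)
    ident, chal = auth.challenge()
    resp = chap_response(ident, secret, chal)
    chap_ok = auth.verify(ident, resp)
    # A response captured earlier does not match a newly issued challenge.
    ident2, _ = auth.challenge()
    replay_ok = auth.verify(ident2, resp)
    return {
        "chap_ok": chap_ok,
        "replay_ok": replay_ok,
        "secret_on_wire_pap": secret in pap_request(b"alice", secret),
        "secret_on_wire_chap": secret in (chal + resp),
    }
```

The secret never crosses the link in the CHAP exchange, and a response is only valid for the single challenge it answers.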