Part 10 – RADIUS

This section discusses centralized access control administration and its advantages and disadvantages. We then explore the RADIUS (Remote Authentication Dial-in User Services) standard which is one type of centralized access control administration. We also look at how RADIUS has evolved from the early days of dial-up usage. Centralized access control administration provides an easier method of control and administration along with enhanced security. Examples of this in action are the use of a domain to handle backups to a central server. The disadvantages of such a method are decreased granularity and less flexibility in aligning business objectives with access control management. Solutions that provide an acceptable compromise combine both a centralized and decentralized implementation in a hybrid solution. Next, we discus RADIUS and how it handles centralized access control administration. Originally designed for use with remote access servers, RADIUS simplifies admin by replicating access control policies to a server. This has since evolved from supporting dial-in clients to use with VPN, Wi-Fi, switches, UDP, TCP, and more. RADIUS follows the 801.x standard which consists of three elements: the supplicant, the authenticator, and a central authentication server. It's an open standard which has been around for a while and has a great deal of support. One of its weaknesses, however, is that it doesn't provide strong encryption during the initial handshake phase. It is then noted the EAP over LAN (Ethernet) is more commonly used with RADIUS to mitigate this shortcoming. We conclude with discussing PAP and its replacement, CHAP. CHAP has the security advantage of using a password-driven challenge/response sequence for authentication. Finally, it's noted that these last two protocols are not hugely testable, but you should be aware that they are important for controlling network access.
Learn on the go.
The app designed for the modern cyber security professional.
Get it on Google Play Get it on the App Store

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?