Remote Access

Intimate Knowledge of RADIUS

From PAP to CHAP and beyond, the purpose of the RADIUS protocol is to secure network access. If you don't know your resource management from your session management, then RADIUS the book is must-read material.

by Patricia Fusco ISP-Planet Managing Editor [December 13, 2002]

When it comes to providing public access to private resources, the first layer of security starts with RADIUS, short for Remote Authentication Dial-In User Service. Extensible, easy to implement, well supported and still actively developed, RADIUS remains the de facto standard of remote authentication for most Internet service providers in business today. It's how ISPs keep non-paying users out and paying customers in.

With new security exploits being uncovered every day, it pays to know how flexible RADIUS can be for guarding the gates at your ISP. That's what Jonathan Hassell had in mind when he wrote the book on the protocol—RADIUS, Securing Public Access to Private Resources.

Hassell said that the book is designed to serve all levels of RADIUS knowledge because the protocol enjoys the support of a wide range of applications.

"RADIUS is an extensible protocol that enjoys the support of a wide range of vendors," Hassell said. "Coupled with the amazing efforts of the open source development community to extend RADIUS's capabilities to other applications—Web, calling card security, physical device security, such as RSA's SecureID—RADIUS is possibly the best protocol with which to ensure that only the people who need access to a resource indeed gain that access."

RADIUS, the book, provides a thorough guide to the underpinnings of the RADIUS protocol, with particular emphasis on user accounting. Hassell draws from his extensive experience operating an ISP to provide practical suggestions and advice for implementing RADIUS.

In the first chapter, Hassell provides an overview of RADIUS, introducing the reader to the protocol's characteristics. In the second chapter, he dives into the specific details of the RADIUS protocol, including an overview of its standard packet formats and the structured properties it passes to various types of servers.

The third chapter includes a reference section of all of the globally defined RADIUS attributes with a short discussion of each attributes purpose. Chapter four focuses solely on accounting, taking an in-depth look at standard accounting packets, proxy functionality, and standard accounting attributes.

In the fifth chapter, Hassell provides a hands-on tutorial for getting started with FreeRADIUS. In sixth chapter, the author covers more intimate configuration options that FreeRADIUS provides. But it's not until chapter seven that he delves into specific RADIUS applications, such as Apache Web serving and e-mail administration.

Security is the focus of chapter eight, and RADIUS is not without its security issues. This section offers insight into the vulnerabilities of RADIUS and what administrators can do to eliminate potential threats.

Chapter nine takes a look at new RADIUS developments to address information that is not included in the original design of the protocol. New projects include tunneling support, Apple networking support, interim accounting updates, and using Extensible Authentication Protocol (EAP).

The book concludes by offering design guidelines and practical suggestions for planning a RADIUS server deployment. Topics include services, availability, system baselining, as well as proactive and reactive system management tactics.

If you are an ISP owner, administrator, or a webhosting outfit, this book could help you bone up on managing and monitoring data traffic over your network. RADIUS the protocol was built out of the need to authenticate, authorize, and account for public access to private networks. RADIUS the book was built out of your ISP's need to make the most of this functional, flexible protocol.

—End