RADIUS
The subject of security never strays far from the minds of
IT workers, for good reason. If there is a network with even
just one connection to another network, it needs to be
secured. RADIUS, or Remote Authentication Dial-In User
Service, is a widely deployed protocol that enables
companies to authenticate, authorize and account for remote
users who want access to a system or service from a central
network server. Originally developed for dial-up remote
access, RADIUS is now used by virtual private network (VPN)
servers, wireless access points, authenticating Ethernet
switches, Digital Subscriber Line (DSL) access, and other
network access types. Extensible, easy to implement,
supported, and actively developed, RADIUS is currently the
de facto standard for remote authentication.

RADIUS provides a complete, detailed guide to the
underpinnings of the RADIUS protocol, with particular
emphasis on the utility of user accounting. Author Jonathan
Hassell draws from his extensive experience in Internet
service provider operations to bring practical suggestions
and advice for implementing RADIUS. He also provides
instructions for using an open-source variation called
FreeRADIUS.

"RADIUS is an extensible protocol that enjoys the support of
a wide range of vendors," says Jonathan Hassell. "Coupled
with the amazing efforts of the open source development
community to extend RADIUS's capabilities to other
applications - Web, calling card security, physical device
security, such as RSA's SecurID - RADIUS is possibly the best
protocol with which to ensure only the people that need
access to a resource indeed gain that access."

This unique book covers RADIUS completely, from the history
and theory of the architecture around which it was designed,
to how the protocol and its ancillaries function on a
day-to-day basis, to implementing RADIUS-based security in a
variety of corporate and service provider environments. If
you are an ISP owner or administrator, corporate IT
professional responsible for maintaining mobile user
connectivity, or a web presence provider responsible for
providing multiple communications resources, you'll want
this book to help you master this widely implemented but
little understood protocol.

Preface
1. An Overview of RADIUS
    An Overview of AAA
    Key Points About AAA Architecture
    The Authorization Framework
    And Now, RADIUS
2. RADIUS Specifics
    Using UDP versus TCP
    Packet Formats
    Packet Types
    Shared Secrets
    Attributes and Values
    Authentication Methods
    Realms
    RADIUS Hints
3. Standard RADIUS Attributes
    Attribute Properties
4. RADIUS Accounting
    Key Points in RADIUS Accounting
    Basic Operation
    The Accounting Packet Format
    Accounting Packet Types
    Accounting-specific Attributes
5. Getting Started with FreeRADIUS
    Introduction to FreeRADIUS
    Installing FreeRADIUS
    In-depth Configuration
    Troubleshooting Common Problems
6. Advanced FreeRADIUS
    Using PAM
    Proxying and Realms
    Using the clients.conf File
    FreeRADIUS with Some NAS Gear
    Using MySQL with FreeRADIUS
    Simultaneous Use
    Monitoring FreeRADIUS
7. Other RADIUS Applications
    RADIUS for Web Authentication
    Using the LDAP Directory Service
    Parsing RADIUS Accounting Files
8. The Security of RADIUS
    Vulnerabilities
    The Extensible Authentication Protocol
    Compensating for the Deficiencies
    Modifying the RADIUS Protocol
9. New RADIUS Developments
    Interim Accounting Updates
    The Apple Remote Access Protocol
    The Extensible Authentication Protocol
    Tunneling Protocols
    New Extensions Attributes
10. Deployment Techniques
    Typical Services
    RADIUS and Availability
    Other Things RADIUS
Appendix: Attribute Reference
Index