Lecture 3.1: Handling Remote Access: RADIUS Motivation
<strong>RADIUS</strong> Security features<br />
Per-packet authenticated reply<br />
Transactions are authenticated through the use of a shared key between <strong>RADIUS</strong> server and <strong>RADIUS</strong> clients<br />
Shared key never sent over the network<br />
Per-packet 16-byte signature<br />
Encrypted user password transmission<br />
Same shared key used to transmit user passwords<br />
Remaining information transmitted in clear text<br />
Giuseppe Bianchi<br />
<strong>RADIUS</strong> scenario<br />
[Figure: diagram labelled PPP, ISP, NAS and <strong>RADIUS</strong> server, with <strong>Access</strong>-Request and Response arrows numbered 1 to 4 to match the steps below]<br />
1. User sends authentication attributes to NAS<br />
2. NAS wraps them into <strong>Access</strong>-Request sent to Server<br />
3. Server response: OK, NO, or Challenge (for some AUTH)<br />
if OK, user profile, authorization and config data are added<br />
4. NAS notifies user<br />