VPN and RADIUS
The boom in telecommuting and the need to support more remote workers is making life tough for IT managers. Besides the normal tasks of maintaining remote-access server (RAS) equipment, managers often find their time consumed administering access rights and authentication privileges on several, geographically dispersed remote access servers at the same time. Enter the Remote Authentication Dial In User Service (RADIUS), a commonly used authentication system. Most remote-access equipment vendors have supported RADIUS in their remote-access ser-vers. Many virtual private networking equipment companies also are supporting the use of a RADIUS server for user authentication. For IT managers, the main attraction of RADIUS is that it allows them to simplify administration of user authentication by maintaining a centralized database of access rights. IT managers who did not have RADIUS have had to maintain access rights on multiple pieces of equipment. This leads to a problem: If someone joins or leaves a company, a manager must add or change access rights for that person on every piece of access equipment. RADIUS avoids such problems. IT managers can use a single RADIUS server to authenticate users dialing into multiple remote-access servers. With RADIUS, IT managers maintain a single authentication database. All users dialing into a network are authenticated against this database. For such centralized authentication to work, a RAS and VPN equipment must securely communicate with a RADIUS server and verify that the user meets certain conditions before allowing the user to gain access to the network. The process of authenticating users is transparent to the user dialing in. The way it works is that a user places a call into a remote-access server and a Point-to-Point Protocol session is initiated. The RAS or VPN takes authentication information, such as a user name and password, and passes this information to the RADIUS server. If the user is in the...
Please join StudyMode to read the full document