Remote Authentication Dial-in User Service (RADIUS) is a widely used networking protocol which provides centralized user control and access management for the users in a network. It is a client-server protocol in which the client is usually a Network Access Server (NAS). RADIUS provides Authentication, Authorization and Accounting (AAA) management. It was originally designed to authenticate remote users dial-in access server. RADIUS was developed by Livingston Enterprises, Inc in 1991 as an authentication and accounting protocol. It was later brought into the Internet Engineering Task Force (IETF) standards.
The RADIUS server is typically a background process running on a UNIX or Microsoft server. The working of the RADIUS server depends on the nature of the RADIUS ecosystem. The RADIUS server process is explained in detail below:
- The RADIUS process begins by the user sending a request for network access. The user initiates authentication to the Network Access Server (NAS). The user can send the request through browser-based HTTPS connect or from mobile VPN.
- The server then accepts the request and the authentication process begins. The server requests for and accepts the credentials (username and password) from the user. It creates an access-request message which is then sent to the RADIUS server.
- The password is received and encrypted through the access-request and sends it to the RADIUS server.
- The RADIUS server receives the request and checks its authenticity (to check whether it came from a known user or not). If it is not a known client, the request is immediately denied. If the user is found to be suspicious, the server is blocked from sending any further requests.
- If the client is known, the RADIUS checks the shared code along with the authentication method request. This authentication method should also be a known and allowed method.
- If the authentication method is an allowed method, the credentials are matched with the database. If the credentials are compatible, the RADIUS server sends a response. But if the credentials do not match, the access is denied. The user is finally authenticated and authorized and will obtain access to the RADIUS client.
Apart from the above authentication process, the RADIUS server is also used for accounting purposes. The RADIUS server collects data for network monitoring, billing and statistical purposes.
RADIUS is a very useful protocol server and has a wide range of benefits. It allows easy authorization capabilities and enables individual clients to be assigned with unique network permissions. It can integrate into your system flawlessly. RADIUS server helps a company or business to maintain profiles of network users in a centralized database which is accessible to all the users.
The RADIUS server is one of the best tools for security management and server administration. It is also used for better statistical organization and billing purposes. It acts as the middle agent between the client and the server. The RADIUS server gives you complete control over which user can access your network and also help in the management and administration of these users.
The RADIUS server has become an industry standard. Nowadays, many companies and businesses choose to opt for the RADIUS server protocol for their Authentication, Authorization and Accounting needs as well as the control and management of the users accessing their network to keep their network security intact and provide their clients with an efficient network.