RADIUS Protocol

Remote Authentication Dial-In User Service (RADIUS) is a client-server networking protocol that runs in the application layer. Businesses can use RADIUS servers to protect their users' and systems' privacy and security, which aids in security management and the development of server administration policies.

What is Remote Authentication Dial-In User Service (RADIUS)?

RADIUS is a client/server protocol that enables an end user remote access to a private network resource. RADIUS was created in the 1990s to provide centralized authentication, authorization, and accounting management for local network resources such as routers and switches.

However, because the protocol has proven to be so flexible, cloud service providers are experimenting with ways RADIUS can be used to support Zero Trust Network Access (ZTNA) and lower the risks associated with over-the-air attacks on wireless networks and virtual private networks (VPNs).

Main Details of RADIUS

RADIUS is an open-standard AAA protocol that employs UDP ports 1645 or 1812 for authentication and 1646 or 1813 for accounting.

Authentication, authorization, and accounting are referred to as AAA. RADIUS is essentially a protocol that establishes a user's ability to access a local or remote network (authentication), determines the permissions they are granted on that network (authorization), and then logs their activities while connected to the network resource (accounting). The best thing about RADIUS is that it centralizes these AAA operations across many networking setups and locales.

How Does RADIUS Authentication and Authorization Work?

After receiving the authentication request and validating it, the RADIUS server decrypts the data packet to get access to the user name and password information. The information is then sent to the applicable security system. This could be a Kerberos, a custom security system, or even a commercial security system.

The RADIUS server relays any services that the verified user can access, like an IP address, back to the system. RADIUS accounting requests are handled in the same manner. Remote users can provide accounting information to a specific RADIUS accounting server. The RADIUS accounting standard protocol is outlined in RFC 2866. By recording the data from the RADIUS accounting request, the RADIUS accounting server responds to incoming accounting requests.

Pros and Cons of RADIUS Protocol

There are numerous benefits to using RADIUS, including:

• Increased control and security over the network
• Simplified password management
• A centralized location for device and user authentication
• Decrease in manual IT work 

Disadvantages include:

• A RADIUS server can be challenging and time-consuming to set up
• There are many configuration options, which makes setup challenging
• The variety of RADIUS implementation options can be confusing and intimidating.