In this article I describe RADIUS in network security. RADIUS is an acronym for Remote Authentication Dial-In User Service. It helps to know some basic network security concepts along with the management of networking devices. There are a lot of threats on the internet, and there are many ways for viruses and hackers to affect any network. If your network is connected to the internet, it is not safe.
There are many types of vulnerability in a network connected to the internet. Hackers from all over the world try to get information from any network. You can keep your network safe from these attacks by understanding some basic network security concepts. A lot of devices now transfer data over the internet across wired, wireless and cellular networks.
Network security protects devices from unauthorized access and from activity that causes malfunction. Such activity can modify or destroy data. The major cause of data theft is frequent use of the internet from mobiles and computers. We share personal data on social sites and carry out financial transactions on the internet. Data shared on the internet is always at risk from hackers and attackers. Network security is necessary to keep data safe from unauthorized access. We can prevent attacks on our devices by being aware of basic network security concepts.
Network security is necessary to protect our own networking devices and clients from unauthorized access, destruction, malfunction and so on. The internet is the main source of security threats. We manage the network to protect it from these threats. We can say network security is all about protecting our internet-connected computers from viruses and hackers. You can manage network security by using firewalls, routers and so on. When we compromise our own network security, we allow unknown persons unauthorized access.
RADIUS is a network protocol that provides secure remote connection of network devices. RADIUS was initially launched by IETF in 1991. The purpose of RADIUS in network security is to authenticate and authorize user access to a remote network. RADIUS works on a client-server architecture, which allows remote access of network devices with a central server.
RADIUS runs over the UDP network protocol. RADIUS protects against unauthorized access by combining authentication and authorization in a single process. Authentication is required first, before the user is authorized for network services. In the client-server architecture of RADIUS, the clients are networking devices such as switches and routers. The server role is performed by RADIUS software, which supports UNIX and Windows operating systems.
Function of RADIUS in Network Security
The authentication process takes place first, in which the user must supply a username and password. The entered username and password are sent to the RADIUS server. The password is sent to the RADIUS server in encrypted format. On receiving the username and password, RADIUS can respond with any one of ACCEPT, REJECT, CHALLENGE or CHANGE PASSWORD. ACCEPT means the user is successfully authenticated and authorized to access the client. REJECT means the username and password are not correct. CHALLENGE means some additional information may be required to access the RADIUS server.
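The following added example (not code from the original article) shows how the password is protected on the wire: it builds an Access-Request using the User-Password hiding defined in RFC 2865 section 5.2, where the password is XORed with MD5 digests of the shared key and the request's random authenticator, while the username travels in clear. The function names are illustrative; the protection is only as strong as the shared key configured on both client and server.

```python
import hashlib
import os
import struct

# Codes and attribute types from RFC 2865
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
USER_NAME, USER_PASSWORD = 1, 2


def _chain(secret, authenticator, data, hiding):
    """XOR 16-byte blocks with MD5(secret + previous hidden block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        result = bytes(a ^ b for a, b in zip(block, pad))
        prev = result if hiding else block  # always chain on the hidden block
        out += result
    return out


def hide_password(password, secret, authenticator):
    """Hide a User-Password value (RFC 2865 section 5.2)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1 to 128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    return _chain(secret, authenticator, padded, hiding=True)


def reveal_password(hidden, secret, authenticator):
    """What the server does: reverse the hiding with the same shared secret."""
    return _chain(secret, authenticator, hidden, hiding=False).rstrip(b"\x00")


def build_access_request(identifier, username, password, secret, authenticator=None):
    """Return an Access-Request carrying User-Name and hidden User-Password."""
    authenticator = authenticator or os.urandom(16)
    values = ((USER_NAME, username),
              (USER_PASSWORD, hide_password(password, secret, authenticator)))
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in values)
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs


def reply_name(packet):
    """Map the code byte of a server reply to the names used in the text."""
    names = {ACCESS_ACCEPT: "ACCEPT", ACCESS_REJECT: "REJECT",
             ACCESS_CHALLENGE: "CHALLENGE"}
    return names.get(packet[0], "OTHER")
```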
Configuration of RADIUS in Network Security
The first thing we need to do to configure the RADIUS service on a router is to enable the AAA service. AAA stands for Authentication, Authorization and Accounting. Run the aaa new-model command in global configuration mode, as shown in the command window below.
Router>enable
Router#config t
Router(config)#aaa ?
  accounting      Accounting configurations parameters.
  authentication  Authentication configurations parameters.
  authorization   Authorization configurations parameters.
  new-model       Enable NEW access control commands and functions.(Disables OLD commands.)
Router(config)#aaa new-model
Router(config)#do wr
Building configuration...
[OK]
This command allows local authentication on all interfaces and lines of the router. Now configure a local username and password by running the commands below. Local user authentication is required to access the router in case external authentication fails. In this example I set the username to admin and the password to root.
Router(config)#username admin password root
Router(config)#do wr
Building configuration...
[OK]
Now configure the RADIUS server and key by running the commands below. Here the server name is radiuslogin and the key is secureloginkey.
Router(config)#radius server radiuslogin
Router(config-radius-server)#address ipv4 10.10.10.1
Router(config-radius-server)#key secureloginkey
Router(config-radius-server)#exit
Router(config)#do wr
Building configuration...
[OK]
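The above commands complete the configuration of the RADIUS server. Now we need to add this newly created RADIUS server to an AAA group of any name. Run the command below to allow the RADIUS group. In it, testradiusgroup is the name chosen for the login method list, group radius selects the configured RADIUS servers, and local names the local user database as the fallback.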
Router(config)#aaa authentication login testradiusgroup group radius local
After running all of the above commands, you have successfully configured RADIUS on the router.
I hope you understood the purpose and configuration of RADIUS.