RADIUS: Network Access Control and Single Sign On, Slides of Internet and Information Access

An overview of RADIUS (Remote Authentication Dial-In User Service), a network access control protocol that uses the AAA (authentication, authorization, and accounting) model. RADIUS is used to manage network access and IP mobility, and it enables per-packet authentication for secure connections. The document also covers the benefits of using RADIUS for wholesale wireless access and the concept of single sign on (SSO).

Typology: Slides

2012/2013

Uploaded on 04/25/2013

bageshri

RADIUS, Network Access, Single Sign On

RADIUS

  • Remote Authentication Dial-In User Service (RADIUS)
  • AAA (authentication, authorization and accounting) protocol for applications such as network access or IP mobility
  • The RADIUS server will also be notified if and when the session starts and stops
    • Billing
    • Logging
  • Originally developed by Livingston Enterprises for their PortMaster series of Network Access Servers
    • Currently specified in RFC 2865 and RFC 2866
    • Several commercial and open-source RADIUS servers exist
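The RFC 2865 exchange behind these bullets, as an added Python example that is not part of the original slides: a client builds an Access-Request with the User-Password hidden under the shared secret, the server side parses it and recovers the password, and the client checks the Response Authenticator on the reply. Function names and sample values are hypothetical; only the packet layout and the MD5 constructions come from RFC 2865.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2        # RFC 2865 attribute types

def _xor_md5(block, secret, prev):
    # One 16-byte User-Password step: block XOR MD5(secret + prev)
    return bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))

def hide_password(password, secret, request_auth):
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        prev = _xor_md5(padded[i:i + 16], secret, prev)  # each ciphertext block keys the next
        out += prev
    return out

def unhide_password(hidden, secret, request_auth):
    blocks = [hidden[i:i + 16] for i in range(0, len(hidden), 16)]
    plain = b"".join(_xor_md5(b, secret, p) for b, p in zip(blocks, [request_auth] + blocks))
    return plain.rstrip(b"\x00")

def access_request(ident, user, password, secret):
    auth = os.urandom(16)              # Request Authenticator, fresh per request
    pairs = ((USER_NAME, user), (USER_PASSWORD, hide_password(password, secret, auth)))
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in pairs)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def parse(packet):
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("bad length")  # stricter than the RFC, which ignores padding
    attrs, pos = {}, 20
    while pos < len(packet):
        if pos + 2 > len(packet) or not 2 <= packet[pos + 1] <= len(packet) - pos:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return packet[0], packet[1], packet[4:20], attrs

def reply(code, ident, request_auth, secret, attrs=b""):
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs

def reply_is_authentic(packet, request_auth, secret):
    rebuilt = reply(packet[0], packet[1], request_auth, secret, packet[20:])
    return hmac.compare_digest(packet, rebuilt)
```

A reply built with a different shared secret, or bound to a different Request Authenticator, fails `reply_is_authentic`, so the client can discard it before acting on the result.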

RADIUS Architecture

Authentication Flow

RADIUS Server

  • Cistron
  • freeRADIUS
  • ICRADIUS
  • YARD RADIUS
  • GNU-radius

Standards

  • IEEE
    • 802.1x “Network port authentication”
    • 802.1w “Spanning tree rapid convergence”
    • 802.11e “Quality of service”
    • 802.11f “Inter-access point protocol”
    • 802.11i “Extended security”
  • IETF
    • RADIUS & AAA – authentication, authorization, and accounting
    • PPP Extensible authentication protocol (EAP)
    • IPSec and IPSRA – IPSec and VPNs

Wholesale Wireless Access

[Figure: wholesale wireless access diagram. Labels: Public Wireless Networks, 802.11 Wireless Access Points (AP A), Carrier networks, IP, Internet, ISP A RADIUS Proxy, BIGCO, Customer RADIUS Server, Directory]

Benefits of Wholesale Access

  • Ubiquitous 802.11 wireless support
    • Enables rapid deployment of IEEE 802. technologies in hotels, airports, malls
    • Users can obtain wireless access using their existing corporate accounts
  • Easier to provide “backup” providers
  • RADIUS provides accounting information
  • Reduced carrying costs
    • Leverage ISP capacity and aggregation
    • Shared support burden and ISP expertise

Why Shared Use APs?

  • Multiple providers are becoming the norm within airports
    • Airlines are installing 802.11 networks for use in baggage handling and roving ticket counters
    • Multiple wireless ISPs often want to serve airport customers
  • Radio interference is an issue
    • In the US and Europe, 802.11b networks can support only 3 non-overlapping channels; in France and Japan only one channel is available
    • Once the channels are utilized by existing APs, additional APs will interfere and reduce performance
  • 802.11 deployment in public spaces is expensive
    • The cost of providing wireless access is inversely proportional to infrastructure utilization
    • More economical to build infrastructure and share it among multiple providers than to build overlapping infrastructure

Single Sign On (SSO)

  • Introduction
  • SSO Approaches
  • Dealing with different SSO options
  • Focus:
    • Perspective of an ISV/Developer who has to deal with customers’ SSO environments.

Traditional Authentication

User types Login id & Password

System checks user id and password against application user database

If both factors found in database, user is now authenticated for application.

The Problem

  • With the web, users no longer work with just one application.
  • Most users can’t remember all of their passwords and get irritated at having to re-type their user id and password.
  • System admins find it challenging to maintain user information.
  • Security sacrificed because
    • User Databases are not current
    • Users keep their user ids and passwords written down on their desk.

Single Sign On

  • Allows a user to enter user id and password (authentication factors) in one place for all applications.
  • Authentication based on user definitions from a central database
  • Eases users linking between applications (one application is an instrument…many applications working together is a symphony)

The Answer?

Login only Once

SSO Server

User authenticated to central SSO server

User authenticated here… And user authenticated here… And user authenticated here

Corporate Dir. (LDAP, RDMS, etc.)