RADIUS authentication has been around for decades, but IT professionals debate whether it should be the go-to service for managing and authenticating users. Although the technology landscape has developed to include a variety of authentication protocols, RADIUS authentication continues to offer value in a new, disparate IT scene.
As such, we’ve broken down what RADIUS authentication truly is, and the pros and cons IT admins should evaluate with respect to its implementation.
What is RADIUS Authentication?
At its most basic, RADIUS authentication is an acronym that stands for Remote Authentication Dial in User Service. Livingston Enterprises, Inc. developed it as an authentication and accounting protocol in response to Merit Network’s 1991 call for a creative way to manage dial-in access to various Points-Of-Presence (POPs) across its network.
RADIUS utilizes the client/server model to authenticate and authorize users to login to a network or network infrastructure gear. It works by sending client requests for access to the RADIUS server for verification. These requests are formatted like a package, including the client’s username, password, IP address, and port, which are then queried in the database for potential matches. Depending on the information received, and whether it is correct, the server will return with an action to either accept, reject, or challenge access to the requested service.
Although it was initially developed to replace proprietary dial-in services, RADIUS provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect to and use a particular network. Over time, this concept has been expanded to include a variety of protocols and modern networks. Traditional AAA management still exists on-prem, with cloud-based RADIUS-as-a-Service offering similar capabilities as a microservice.
The Pros of RADIUS
- Added security benefits: RADIUS allows for unique credentials for each user, which lessens the threat of hackers infiltrating a network (e.g. WiFi) since there is no unified password shared among a number of people.
- Avoids the pain of password management: Unique credentials ensure that a shared password does not need routine changing, because each person manages their own. This saves time for an IT admin, and users do not have (Read more...)