VPN and RADIUS :: essays research papers

VPN and RADIUSThe boom in telecommuting and the need to support more upstage workers is making life tough for IT managers. Besides the normal tasks of maintaining removed(p)-access server (reticular activating system) equipment, managers often find their time consumed administering access rights and assay-mark privileges on several, geographically dispersed remote access servers at the same time. Enter the Remote Authentication Dial In User Service (RADIUS), a commonly used authentication system. more or less remote-access equipment vendors comport supported RADIUS in their remote-access ser-vers. Many virtual private networking equipment companies also are supporting the use of a RADIUS server for user authentication.For IT managers, the main attraction of RADIUS is that it allows them to simplify administration of user authentication by maintaining a centralized database of access rights. IT managers who did not have RADIUS have had to maintain access rights on multiple piece s of equipment. This leads to a problem If someone joins or leaves a company, a manager must add or substitute access rights for that person on every piece of access equipment. RADIUS avoids such problems. IT managers can use a single RADIUS server to authenticate users dialing into multiple remote-access servers. With RADIUS, IT managers maintain a single authentication database. All users dialing into a network are authenticated against this database.For such centralized authentication to work, a RAS and VPN equipment must securely communicate with a RADIUS server and verify that the user meets certain conditions before allowing the user to gain access to the network. The process of authenticating users is plain to the user dialing in. The way it works is that a user places a call into a remote-access server and a Point-to-Point Protocol session is initiated. The RAS or VPN takes authentication information, such as a user name and password, and passes this information to the RAD IUS server. If the user is in the database and has access privileges to the network, the RADIUS server signals the remote-access server that it is OK to hold open the process. At the same time, the RADIUS server also sends what is called profile information about the user to the remote-access server. The profile can include information such as the users IP address, the maximum amount of time the user can remain connected to the network and the phone number the user is allowed to dial to access the network.