RADIUS By Jonathan Hassell

There's far more to information security than usernames and passwords; it's not just a matter of letting legitimate users "in" and keeping bad guys "out." Users who have authority to use certain parts of a system may not be authorized to see everything, and businesses, for billing purposes, often want to track how long users spend in a system. The Remote Access Dial-In User Service (RADIUS) solves all of these engineering challenges, but you have to implement it correctly in order to achieve maximum benefit and keep your systems safe. RADIUS provides an architectural and technical guide to RADIUS implementation, enabling its readers to design RADIUS-secured systems properly and choose products wisely. Jonathan Hassell's approach is to lay down a foundation of RADIUS protocol theory, then explain how to implement the protocol with a particular product (FreeRADIUS for Linux). He approaches both elements of his book with precision and detail, and provides plenty of tabular information for reference. He's also liberal with examples, which is a welcome trait if you're in a hurry to know how to format a radiusd.conf file or how to configure Cisco IOS to do RADIUS authentication. This is a comprehensive treatment of a complicated subject. “David Wall Topics covered: How the RADIUS protocol provides authentication, authorization, and accounting (AAA services), and how it fits with other elements of network design. The author covers the protocol in theory before digging into its implementation in FreeRADIUS for Linux and the integration of that package with several important networking products. Book Description The subject of security never strays far from the minds of IT workers, for good reason. If there is a network with even just one connection to another network, it needs to be secured. RADIUS, or Remote Authentication Dial-In User Service, is a widely deployed protocol that enables companies to authenticate, authorize and account for remote users who want access to a system or service from a central network server. Originally developed for dial-up remote access, RADIUS is now used by virtual private network (VPN) servers, wireless access points, authenticating Ethernet switches, Digital Subscriber Line (DSL) access, and other network access types. Extensible, easy to implement, supported, and actively developed, RADIUS is currently the de facto standard for remote authentication. RADIUS provides a complete, detailed guide to the underpinnings of the RADIUS protocol, with particular emphasis on the utility of user accounting. Author Jonathan Hassell draws from his extensive experience in Internet service provider operations to bring practical suggestions and advice for implementing RADIUS. He also provides instructions for using an open-source variation called FreeRADIUS. "RADIUS is an extensible protocol that enjoys the support of a wide range of vendors," says Jonathan Hassell. "Coupled with the amazing efforts of the open source development community to extend RADIUS's capabilities to other applications-Web, calling card security, physical device security, such as RSA's SecureID-RADIUS is possibly the best protocol with which to ensure only the people that need access to a resource indeed gain that access." This unique book covers RADIUS completely, from the history and theory of the architecture around which it was designed, to how the protocol and its ancillaries function on a day-to-day basis, to implementing RADIUS-based security in a variety of corporate and service provider environments. If you are an ISP owner or administrator, corporate IT professional responsible for maintaining mobile user connectivity, or a web presence provider responsible for providing multiple communications resources, you'll want this book to help you master this widely implemented but little understood protocol.