≡ Menu

Remote access security technologies

There are 5 major remote access security technologies

  1. RAS (Remote Access Service)
  2. Radius
  3. Diameter
  4. TACACS

RAS (Remote Access Service):
Uses PPP (Point to Point Protocol) to secure dial-in, ISDN and serial links. Uses the following authentication mechanisms.

PAP (Password Authentication Protocol):

  1. Two way hand shake
  2. Sends passwords in clear text
  3. No protection against replay or brute force attacks

CHAP (Challenge Handshake Protocol):

  1. Uses three way hand shake
  2. Both server and client need to have a shared secret preconfigured
  3. Shared secret is stored in clear text. MS-CHAP allows the shared secret to be stored in encrypted form

EAP (Extensible Authentication Protocol):

  1. Used primarily in Wireless networks
  2. Supports various authentication mechanisms like MD5-Challenge, S/Key, generic token card and digital Certificates

 

RADIUS (Remote Authentication Dial-In Service)
  1. Open-Source UDP based.
  2. Provides authentication and accountability
  3. Use provides username/password to a RADIUS client using PAP or CHAP. Radius client encrypts password and sends to RADIUS Server for authentication

 

DIAMETER
  1. Improved version of RADIUS
  2. Uses TCP. Supports IPSsec, TLS

 

TACACS (Terminal Access Controller Access Control System):
  1. Uses UDP. Provides Authentication, Authorization and Accountability
  2. XTACACS is an improved version but no longer used
  3. TACACS+ is the current version. Supports several authentication mechanisms – PAP,CHAP,MS-CHAP,EAP,KERBEROS,Token Cards

Comments on this entry are closed.