There are 5 major remote access security technologies:
- RAS (Remote Access Service)
- RADIUS
- Diameter
- TACACS
RAS (Remote Access Service):
Uses PPP (Point-to-Point Protocol) to secure dial-in, ISDN and serial links. It uses the following authentication mechanisms:
PAP (Password Authentication Protocol):
- Two-way handshake
- Sends passwords in clear text
- No protection against replay or brute force attacks
CHAP (Challenge Handshake Protocol):
- Uses three-way handshake
- Both server and client need to have a shared secret preconfigured
- Shared secret is stored in clear text. MS-CHAP allows the shared secret to be stored in encrypted form
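The CHAP exchange described above, as an added Python example that is not part of the original notes: it uses the RFC 1994 response calculation (MD5 over identifier, shared secret and challenge) to show why the server needs the secret in recoverable form and why a captured response, unlike a captured PAP password, fails against a fresh challenge. The class name, user name and secret are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side of the three-way handshake (hypothetical helper class)."""

    def __init__(self, secrets):
        # The server must be able to read each secret back in clear text,
        # otherwise it cannot recompute the expected hash.
        self.secrets = secrets
        self.pending = {}   # user name -> (identifier, challenge) awaiting a response
        self.next_id = 0

    def challenge(self, name):
        # Message 1 (Challenge): new identifier and fresh random value every time.
        self.next_id = (self.next_id + 1) % 256
        value = os.urandom(16)
        self.pending[name] = (self.next_id, value)
        return self.next_id, value

    def verify(self, name, identifier, response):
        # Message 3 (Success/Failure): each challenge is consumed on first use.
        ident, value = self.pending.pop(name, (None, None))
        if ident is None or ident != identifier or name not in self.secrets:
            return False
        expected = chap_response(ident, self.secrets[name], value)
        return hmac.compare_digest(expected, response)


def demo():
    secret = b"constructed-shared-secret"      # sample value, constructed
    server = Authenticator({"alice": secret})

    ident, value = server.challenge("alice")
    response = chap_response(ident, secret, value)   # Message 2 (Response) from the client
    first_login = server.verify("alice", ident, response)

    # The same response presented again meets a different challenge and is rejected.
    ident2, _ = server.challenge("alice")
    replayed = server.verify("alice", ident2, response)
    return first_login, replayed


if __name__ == "__main__":
    print(demo())
```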
EAP (Extensible Authentication Protocol):
- Used primarily in wireless networks
- Supports various authentication mechanisms like MD5-Challenge, S/Key, generic token card and digital certificates
RADIUS (Remote Authentication Dial-In Service)
- Open-source, UDP-based.
- Provides authentication and accountability
- User provides username/password to a RADIUS client using PAP or CHAP. The RADIUS client encrypts the password and sends it to the RADIUS server for authentication
DIAMETER
- Improved version of RADIUS
- Uses TCP. Supports IPsec, TLS
TACACS (Terminal Access Controller Access Control System):
- Uses UDP. Provides Authentication, Authorization and Accountability
- XTACACS is an improved version but no longer used
- TACACS+ is the current version. Supports several authentication mechanisms: PAP, CHAP, MS-CHAP, EAP, Kerberos, token cards