Hot Stuff!: RADIUS
With remote access becoming an increasingly common IT infrastructure requirement to support teleworkers, traveling employees, and partners or contractors who may need access to organizational networks or servers, more and more companies are grappling with simultaneous and sometimes contradictory goals: opening up for more uses while maintaining strong security and protecting confidential or sensitive information assets.
This is where the technology known as RADIUS, or the Remote Authentication Dial-In User Service, comes into play. RADIUS is a client/server protocol that works with a central server to provide strong, manageable authentication services while offering distributed, remote access to all kinds of resources.
RADIUS allows an organization to create a single centralized database of user profile information that any server whose job it is to provide remote access can share. As users request access to resources, they must first authenticate themselves to a RADIUS server, which grants controlled access (and can also apply a centralized, policy-based view of access rights and user privileges) to whatever resources are requested. Using a centralized authorization service also permits centralized tracking of system access and usage, and can therefore support centralized usage monitoring, along with various chargeback or billing schemes.
Originally developed at Livingston (now a part of Lucent Corporation), RADIUS has become a widely adopted de facto industry standard. It’s now the focus of a standards track protocol RFC at the IETF (number 2865, in fact), and promises to become the focus of widespread, general industry support. Already, a large number of vendors offer RADIUS server implementations for well-known server platforms, including Windows, Linux, UNIX, and so forth (for example, a quick search on “RADIUS server” at searchsystemsmanagement.com turns up over half a dozen products).
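The authentication exchange described above, sketched as an added example (not code from the original article or from any RADIUS product): a remote access server (NAS) builds an RFC 2865 Access-Request with the password hidden under the shared secret, the central server checks it against its user database, and the NAS verifies the reply's Response Authenticator. The shared secret, the user table and all function names are constructed for illustration, and the parser is stricter than the RFC in requiring the length field to equal the datagram size.

```python
import hashlib, hmac, os, struct
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                         # RFC 2865 attribute types
SECRET = b"constructed-shared-secret"  # constructed; known to NAS and server only
USERS = {b"alice": b"correct horse"}   # constructed central user database

def crypt_password(data, secret, ra, hide):
    """RFC 2865 sec. 5.2: XOR each block with MD5(secret + previous ciphertext block)."""
    if hide:  # pad with NULs to a multiple of 16 octets (at least one block)
        data = data.ljust(max(16, len(data) + -len(data) % 16), b"\x00")
    out, prev = b"", ra  # the Request Authenticator seeds the first block
    for i in range(0, len(data), 16):
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], hashlib.md5(secret + prev).digest()))
        prev = block if hide else data[i:i + 16]
        out += block
    return out if hide else out.rstrip(b"\x00")

def build_request(ident, user, password):  # NAS (remote access server) side
    ra = os.urandom(16)  # fresh, unpredictable Request Authenticator
    fields = ((USER_NAME, user), (USER_PASSWORD, crypt_password(password, SECRET, ra, True)))
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in fields)
    return struct.pack("!BBH16s", ACCESS_REQUEST, ident, 20 + len(attrs), ra) + attrs

def parse_packet(packet):  # strict: reject length mismatches and malformed attributes
    code, ident, length, auth = struct.unpack("!BBH16s", packet[:20].ljust(20, b"\x00"))
    if length != len(packet) or not 20 <= length <= 4096:
        raise ValueError("bad packet length")
    attrs, pos = {}, 20
    while pos < length:
        alen = packet[pos + 1] if pos + 1 < length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + alen]
        pos += alen
    return code, ident, auth, attrs

def server_reply(request):  # central RADIUS server side
    code, ident, ra, attrs = parse_packet(request)
    given = crypt_password(attrs.get(USER_PASSWORD, b""), SECRET, ra, False)
    known = USERS.get(attrs.get(USER_NAME))
    ok = code == ACCESS_REQUEST and known is not None and hmac.compare_digest(given, known)
    head = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return head + hashlib.md5(head + ra + SECRET).digest()  # Response Authenticator

def nas_verify(request, reply):  # returns the reply code, or None if not authentic
    if len(reply) != 20 or reply[1] != request[1]:
        return None
    good = hashlib.md5(reply[:4] + request[4:20] + SECRET).digest()
    return reply[0] if hmac.compare_digest(reply[4:20], good) else None
```

Both the password hiding and the reply check rest on MD5 and the shared secret alone, so the secret needs to be long and random.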