Radius Server - Security

Security

The RADIUS protocol does not transmit passwords in cleartext between the NAS and RADIUS server (not even with PAP protocol). Rather, a shared secret is used along with the MD5 hashing algorithm to obfuscate passwords. Because this particular implementation is not considered to be a very strong protection of the user's credentials, additional protection, such as IPsec tunnels or physically secured data-center networks, should be used to further protect the RADIUS traffic between the NAS device and the RADIUS server. Additionally, the user's security credentials are the only part protected by RADIUS itself, yet other user-specific attributes such as tunnel-group IDs or vlan memberships passed over RADIUS may be considered sensitive (helpful to an attacker) or private (sufficient to identify the individual client) information as well. The RadSec protocol claims to solve aforementioned security issues.

Read more about this topic:  Radius Server

Famous quotes containing the word security:

    The most disgusting cad in the world is the man who, on grounds of decorum and morality, avoids the game of love. He is one who puts his own ease and security above the most laudable of philanthropies.
    —H.L. (Henry Lewis)

    ... most Southerners of my parents’ era were raised to feel that it wasn’t respectable to be rich. We felt that all patriotic Southerners had lost everything in defense of the South, and sufficient time hadn’t elapsed for respectable rebuilding of financial security in a war- impoverished region.
    Sarah Patton Boyle, U.S. civil rights activist and author. The Desegregated Heart, part 1, ch. 1 (1962)

    Thanks to recent trends in the theory of knowledge, history is now better aware of its own worth and unassailability than it formerly was. It is precisely in its inexact character, in the fact that it can never be normative and does not have to be, that its security lies.
    Johan Huizinga (1872–1945)