Press Release: October 23, 2002
Securing Public Access to Private Resources: O'Reilly Releases "RADIUS"
Sebastopol, CA--The subject of security is never far from the minds of IT workers, with good reason. If a network has even one connection to another network, it is vulnerable and needs to be secured against unauthorized access. RADIUS, or Remote Authentication Dial-In User Service, is a widely deployed protocol that enables companies to authenticate, authorize, and account for remote users who want access to a system or service from a central network server. Originally developed for dial-up remote access, RADIUS is now used by virtual private network (VPN) servers, wireless access points, authenticating Ethernet switches, Digital Subscriber Line (DSL) access, and other network access types. Extensible, easy to implement, supported, and actively developed, RADIUS is currently the de facto standard for remote authentication.
"RADIUS is an extensible protocol that enjoys the support of a wide range of vendors," says Jonathan Hassell, author of the just-released RADIUS (O'Reilly, US $34.95). "Coupled with the amazing efforts of the open source development community to extend RADIUS's capabilities to other applications--Web, calling card security, physical device security, such as RSA's SecureID--RADIUS is possibly the best protocol with which to ensure that only the people who need access to a resource indeed gain that access."
"RADIUS" provides a complete, detailed guide to the underpinnings of the RADIUS protocol, with particular emphasis on the utility of user accounting. Hassell draws from his extensive experience in internet service provider operations to bring practical suggestions and advice for implementing RADIUS. He also provides instructions for using an open-source variation called FreeRADIUS. Topics covered in the book include:
- The AAA architecture, which serves as the basis of RADIUS
- Packet structure, format, and standard attributes
- Hints and huntgroups
- FreeRADIUS setup
- Authenticating against a SQL database
- RADIUS for web authentication
- Integrating LDAP and RADIUS
- Planning for availability
- Performance baselining
This book covers RADIUS completely, from the history and theory of the architecture around which it was designed, to how the protocol and its ancillaries function on a day-to-day basis, to implementing RADIUS-based security in a variety of corporate and service provider environments. If you are an ISP owner or administrator, corporate IT professional responsible for maintaining mobile user connectivity, or a web presence provider responsible for providing multiple communications resources, you'll want this book to help you master this widely implemented but little understood protocol.
Chapter 5, "Getting Started with FreeRADIUS" and excerpts from Chapter 9,"New RADIUS Developments" are available free online