1
Chapter 13: RADIUS in Remote Access Designs
  Designs That Include RADIUS
  Essential RADIUS Design Concepts
  Data Protection in RADIUS Designs
  RADIUS Design Optimization
2
RADIUS in Remote Access Designs
  Provides protocols that allow
    Remote access
    Remote user authentication
    Remote user auditing
    Remote user accounting
  Allows control of all security
  Includes RADIUS client and server
3
RADIUS Clients and Servers
4
RADIUS and Microsoft Windows 2000
  RADIUS provided by
    Routing and Remote Access
    Internet Authentication Service (IAS)
  RADIUS client
  RADIUS server
5
RADIUS Design Review
  Determine the following:
    Amount of data transmitted
    Number of locations
    Connectivity and security capabilities
    Operating systems used
    Number of remote access clients
    Security needs
6
RADIUS Design Decisions
  RADIUS integration into existing network
  Number and placement of servers and clients
  Hardware requirements for clients
  Data protection methods
  User authentication methods
  Optimization methods
7
Outsourced Dial-Up Remote Access
  The most common design
  Dial-up outsourced to a third party
  Reduced dial-up costs
  Single set of logon credentials
  Enhanced security features
8
Outsourced Dial-Up Remote Access (Cont.)
9
In-House Remote Access
  Allows the organization to own the entire design
  Centralizes administration
  Avoids dependence on third-party vendors
  Places RADIUS clients
    Outside private network
    On screened subnets
10
In-House Remote Access (Cont.)
11
Partner Network Remote Access
  Provides remote access for partner's users
  Centralizes administration
  Enhances security of partner's access
  Places RADIUS client in partner's network
12
Partner Network Remote Access (Cont.)
13
Number of RADIUS Clients and Servers
  RADIUS client
    Supports hundreds of remote access computers
    Requires same type of number decisions as for VPN
  RADIUS server
    Supports many RADIUS clients
    Requires one RADIUS server per user account database
    Provides for RADIUS authentication and accounting
14
Placing RADIUS Clients
  Make same type of placement decisions as for dial-up or VPN
  Place near remote users
    For dial-up, place geographically close
    For VPN, place near Internet connection
15
Placing RADIUS Servers
  Place near servers that manage user accounts
  For Active Directory directory service, place close to domain controllers
  Run IAS on a domain controller to reduce traffic
16
Connecting RADIUS Clients and Servers
17
Selecting Remote Access Client Support
  Make same type of design decisions as for VPN and dial-up.
  Specify a RADIUS realm, which
    Is a user account database
    Is the same as a domain in Microsoft Windows NT and Windows 2000
  Specify a default realm for each RADIUS client.
18
Preventing Unauthorized Access
  Methods are the same as for VPN and dial-up.
  Shared secrets
    Identify authorized RADIUS clients and servers
    Use case-sensitive text strings
    Can be used to encrypt messages
    Must be configured on both client and server
19
Protecting Confidential Data
  Use same basic methods as for VPN and dial-up.
  Consider additional authentication methods.
  Encrypt data
    Between remote user and server within network
    Both ways between remote user and RADIUS clients
  Enforce remote access policies (RADIUS attributes) that are managed, stored, and replicated on RADIUS servers.
20
Enhancing RADIUS Availability
  Configure clients to use multiple servers.
    Works on all platforms
    Provides dynamic fault tolerance
    Servers must be manually added and deleted
  Use Network Load Balancing.
    Provides automatic reconfiguration
    Works only on RADIUS clients
    Requires extra resources
    Is not available for non-Microsoft operating systems
21
Improving RADIUS Performance
  Configure clients to use multiple servers.
    Works on all platforms
    Provides load balancing across multiple servers
    Servers must be manually added and deleted
  Use Network Load Balancing.
    Provides automatic reconfiguration
    Works only on RADIUS clients
    Requires extra resources
    Is not available for non-Microsoft operating systems
22
Chapter Summary
  RADIUS provides remote access solutions.
  RADIUS includes RADIUS clients and RADIUS servers.
  The design decisions for RADIUS depend on the configuration.
    Outsourced dial-up remote access designs
    In-house remote access designs
    Partner network remote access designs
  Protect data and improve availability and performance by using the same methods as for VPN and dial-up.