What is Radius?

RADIUS (Remote Authentication Dial-in User Service) is a network community that authenticates users who want to connect to a remote network and logs them into desired systems. Radius is an authentication protocol created by Livingston Enterprises in 1991. There is Network Access Server (NAS) on the radius. Network Access Server (NAS) forwards requests such as radius to the radius server

After receiving requests from users, Radius servers perform three basic functions. Authentication, authorization and accounting(AAA) Radiuslar use private keys in their communications. Radius users can be Wireless Access Point, Router, Switch.

Which ports does Radius use?

Radius first used the 1645 and 1646 ports with the UDP protocol for message exchange. Later, it started to work with 1812 and 1813 ports over UDP/IP. 1645 and 1646 ports are widely used by companies.

Radius servers can be integrated into different databases. For example, SQL, LDAP. Radius servers can act as proxy servers. Radius prevents unauthorized people from entering the system. While Radius keeps users’ information secure, it provides advantages for other security systems

Centralize Network Access Control
RADIUS protocol is based on a AAA framework. AAA stands for Authentication, Authorization, and Accounting.
Essentially, RADIUS is a protocol that determines whether or not a user can access a local or remote network (Authentication), establishes what sort of privileges they’re allowed on that network (Authorization), and then records the activity of the user while they’re connected to the network resource (Accounting). The beauty of RADIUS is that it centralizes these AAA functions across networking infrastructure and locations.

Why Radius?
While each of a network’s users can access their network or VPN with their own unique login credentials, RADIUS protocol provides a central authentication mechanism to enable the access for them. IT enables a full control over access to critical business IT infrastructure. Therefore, when you need to deprecate access, such as when an employee leaves, removing the user from your core directory effectively eliminates their access to the network, VPN, or infrastructure equipment. Radius protocol provides time saving and increases the security level of the entire organization, by simply eliminating a single user’s access rather than updating the shared access credentials. So the company admin no longer needs to change the password for all the users in the organization. Just removing a single user will be enough without interrupting anyone’s workflow.

Radius Components

RADIUS has three major components. These are:
Client/Supplicant: Essentially the device and user seeking access to a network.
NAS: Network Access Server that serves as the gateway between a user and a network.
RADIUS Server: Authentication server that ensures the user is allowed to access the network and what permissions they are allowed.

Radius Implementation

When you need to implement your own RADIUS server, there are too many options to consider indeed. Chief among them is an FreeRadius implementation. Implementing a RADIUS server requires a good amount of technical knowhow and expertise, Anybody can download it and install it on their machine, whether that’s a desktop machine or an outright server. But, in order to install FreeRADIUS you need to run an operating system like Ubuntu, a Debian-based OS, CentOS, RedHat, or macOS. Or, you can simply buy a FreeRADIUS server from NetworkRADIUS, an offshoot of FreeRADIUS.

Free RADIUS is an excellent open source option for taking advantage of the RADIUS protocol if you are willing to do all of the heavy lifting required. That means purchasing all of the equipment and infrastructure necessary, setting up the software, and configuring all the users to authenticate to your network via RADIUS.

References
https://www.mshowto.org/radius-nedir.html
https://www.techtarget.com/searchsecurity/definition/RADIUS https://securityboulevard.com/2018/05/what-is-the-radius-protocol/
https://g.co/kgs/Xa5uj5
https://jumpcloud.com/resources/radius-guide
https://ebookreading.net/cgi-sys/
https://www.akadia.com/services/radius_server.html
https://serverfault.com/questions/971769/network-policy-server-radius-not-listening-on-any-ports-for-windows-server-201
https://www.arubanetworks.com/techdocs/ClearPass/6.8/Aruba_DeployGd_HTML/Content/802.1X%20Authentication/8021X_About.htm
https://www.tekfik.com/kb/linux/freeradiusaaa-installation-and-configuration https://draculaservers.com/tutorials/freeradius-ubuntu-18-04-mysql/