RADIUS. Securing Public Access to Private Resources - Helion
ISBN: 978-14-493-9588-9
Pages: 208, Format: ebook
Publication date: 2002-10-08
Bookstore: Helion
The subject of security never strays far from the minds of IT workers, for good reason. If there is a network with even just one connection to another network, it needs to be secured. RADIUS, or Remote Authentication Dial-In User Service, is a widely deployed protocol that enables companies to authenticate, authorize and account for remote users who want access to a system or service from a central network server. Originally developed for dial-up remote access, RADIUS is now used by virtual private network (VPN) servers, wireless access points, authenticating Ethernet switches, Digital Subscriber Line (DSL) access, and other network access types. Extensible, easy to implement, supported, and actively developed, RADIUS is currently the de facto standard for remote authentication.
RADIUS provides a complete, detailed guide to the underpinnings of the RADIUS protocol, with particular emphasis on the utility of user accounting. Author Jonathan Hassell draws from his extensive experience in Internet service provider operations to bring practical suggestions and advice for implementing RADIUS. He also provides instructions for using an open-source variation called FreeRADIUS.
"RADIUS is an extensible protocol that enjoys the support of a wide range of vendors," says Jonathan Hassell. "Coupled with the amazing efforts of the open source development community to extend RADIUS's capabilities to other applications - Web, calling card security, physical device security, such as RSA's SecurID - RADIUS is possibly the best protocol with which to ensure only the people that need access to a resource indeed gain that access."
This unique book covers RADIUS completely, from the history and theory of the architecture around which it was designed, to how the protocol and its ancillaries function on a day-to-day basis, to implementing RADIUS-based security in a variety of corporate and service provider environments.
If you are an ISP owner or administrator, corporate IT professional responsible for maintaining mobile user connectivity, or a web presence provider responsible for providing multiple communications resources, you'll want this book to help you master this widely implemented but little understood protocol.
RADIUS. Securing Public Access to Private Resources eBook -- table of contents
- RADIUS
- SPECIAL OFFER: Upgrade this ebook with O'Reilly
- Preface
- Audience
- Organization
- Conventions Used in This Book
- How to Contact Us
- Acknowledgments
- 1. An Overview of RADIUS
- An Overview of AAA
- Authentication
- Authorization
- Accounting
- Key Points About AAA Architecture
- The Authorization Framework
- Authorization Sequences
- Roaming
- Distributed Services
- Policies
- Resource and Session Management
- And Now, RADIUS
- A Brief History
- Properties of RADIUS
- Limitations of RADIUS
- 2. RADIUS Specifics
- Using UDP versus TCP
- Packet Formats
- Code
- Identifier
- Length
- Authenticator
- Packet Types
- Access-Request
- Access-Accept
- Access-Reject
- Access-Challenge
- Shared Secrets
- Attributes and Values
- Attributes
- Attribute types
- Vendor-specific attributes
- Values
- Dictionaries
- Authentication Methods
- PAP
- CHAP
- Selecting PAP, CHAP, or Other Protocols
- Realms
- RADIUS Hints
- 3. Standard RADIUS Attributes
- Attribute Properties
- Callback-ID
- Callback-Number
- Called-Station-ID
- Calling-Station-ID
- CHAP-Challenge
- CHAP-Password
- Class
- Filter-ID
- Framed-AppleTalk-Link
- Framed-AppleTalk-Network
- Framed-AppleTalk-Zone
- Framed-Compression
- Framed-IP-Address
- Framed-IP-Netmask
- Framed-IPX-Network
- Framed-MTU
- Framed-Protocol
- Framed-Route
- Framed-Routing
- Idle-Timeout
- Login-LAT-Group
- Login-LAT-Node
- Login-LAT-Port
- Login-LAT-Service
- Login-IP-Host
- Login-Service
- Login-TCP-Port
- NAS-Identifier
- NAS-IP-Address
- NAS-Port
- NAS-Port-Type
- Port-Limit
- Proxy-State
- Reply-Message
- Service-Type
- Session-Timeout
- State
- Terminate-Action
- User-Name
- User-Password
- Vendor-Specific
- 4. RADIUS Accounting
- Key Points in RADIUS Accounting
- Basic Operation
- More on Proxying
- The Accounting Packet Format
- Code
- Identifier
- Length
- Authenticator
- Reliability of Accounting
- Accounting Packet Types
- Accounting-Request
- Accounting-Response
- Accounting-specific Attributes
- Acct-Status-Type
- Acct-Delay-Time
- Acct-Input-Octets
- Acct-Output-Octets
- Acct-Session-ID
- Acct-Authentic
- Acct-Session-Time
- Acct-Input-Packets
- Acct-Output-Packets
- Acct-Terminate-Cause
- Acct-Multi-Session-ID
- Acct-Link-Count
- 5. Getting Started with FreeRADIUS
- Introduction to FreeRADIUS
- Installing FreeRADIUS
- The clients File
- The naslist File
- The naspasswd File
- The hints File
- The huntgroups File
- The users File
- The radiusd.conf File
- Testing the Initial Setup
- In-depth Configuration
- Configuring radiusd.conf
- pidfile
- user and group
- max_request_time
- delete_blocked_requests
- cleanup_delay
- max_requests
- bind_address
- port
- hostname_lookups
- allow_core_dumps
- regular and extended expressions
- log
- lower_user and lower_pass
- nospace_user and nospace_pass
- Configuring the users File
- A sample complete entry
- DEFAULT entries
- Prefixes and suffixes
- Using RADIUS callback
- Completely denying access to users
- Troubleshooting Common Problems
- Linking Errors When Starting FreeRADIUS
- Incoming Request Passwords Are Gibberish
- NAS Machine Ignores a RADIUS Reply
- CHAP Authentication Doesn't Work Correctly
- 6. Advanced FreeRADIUS
- Using PAM
- Proxying and Realms
- Using the clients.conf File
- FreeRADIUS with Some NAS Gear
- Ascend Equipment
- Cisco Equipment
- Nortel Equipment
- 3Com and US Robotics Equipment
- Using MySQL with FreeRADIUS
- Extending the MySQL Functionality
- Realm support
- Redundancy with MySQL
- Simultaneous Use
- When It Goes Pear Shaped
- 3Com and US Robotics equipment
- Ascend equipment
- Cisco equipment
- Monitoring FreeRADIUS
- 7. Other RADIUS Applications
- RADIUS for Web Authentication
- The Functionality
- Configuring the Module
- Using Challenge-Response with mod_auth_radius
- Limitations of the Module
- Using the LDAP Directory Service
- Configuring FreeRADIUS to Use LDAP
- Configuring CommuniGate Pro for LDAP Use
- Parsing RADIUS Accounting Files
- Generating Reports
- Example reports
- Using RadiusSplit
- 8. The Security of RADIUS
- Vulnerabilities
- MD5 and the Shared Secret
- The Access-Request Packet
- The User-Password Cipher Scheme
- The User-Password Shared Secret
- The User-Password Attribute and Password Attacks
- Attacks Using the Request Authenticator
- Repeated request authenticators and the User-Password attribute
- Shared secrets
- The Extensible Authentication Protocol
- Compensating for the Deficiencies
- Modifying the RADIUS Protocol
- 9. New RADIUS Developments
- Interim Accounting Updates
- The Apple Remote Access Protocol
- The Extensible Authentication Protocol
- Examples of an EAP Conversation
- Potential Uses
- Tunneling Protocols
- New Extensions Attributes
- Acct-Input-Gigawords
- Acct-Output-Gigawords
- Event-Timestamp
- Tunnel-Type
- Tunnel-Medium-Type
- Tunnel-Client-Endpoint
- Tunnel-Server-Endpoint
- Acct-Tunnel-Connection
- Tunnel-Password
- ARAP-Password
- ARAP-Features
- ARAP-Zone-Access
- ARAP-Security
- ARAP-Security-Data
- Password-Retry
- Prompt
- Connect-Info
- Configuration-Token
- EAP-Message
- Message-Authenticator
- Tunnel-Private-Group-ID
- Tunnel-Assignment-ID
- Tunnel-Preference
- ARAP-Challenge-Response
- Acct-Interim-Interval
- Acct-Tunnel-Packets-Lost
- NAS-Port-ID
- Framed-Pool
- Tunnel-Client-Auth-ID
- Tunnel-Server-Auth-ID
- 10. Deployment Techniques
- Typical Services
- System Shell Accounts
- Direct Connect Accounts
- RADIUS and Availability
- Determining Normal System Behavior
- Explicit requirements
- Derived requirements
- Points of Failure
- Planning to Fail
- Proactive System Management
- Case Studies in Deployment and Availability
- Scenario 1: A small, regional ISP
- Scenario 2: A corporation with branch offices
- Other Things RADIUS
- Other RADIUS Servers
- RADIUS Tools
- A. Attribute Reference
- Index
- About the Author
- Colophon