Remote Authentication Dial In User Service (RADIUS) is an AAA (authentication, authorization, and accounting) protocol for controlling access to network resources. RADIUS is commonly used by ISPs and corporations managing access to the internet or internal networks across an array of access technologies, including modems, DSL, wireless and VPNs.
AAA
RADIUS servers use the AAA concept to manage network access in the following three-step process, also known as an "AAA transaction".
Authentication
The user or machine sends a Network Access Server (NAS) a request for access to a particular network resource. This information is passed to the NAS device via the link-layer protocol - for example, Point-to-Point Protocol (PPP) in the case of many dialup or DSL providers.
In turn, the NAS sends a RADIUS Access Request message to the RADIUS server, requesting authorization to grant access via the RADIUS protocol.
This request includes a form of identification and a proof of identification, typically in the form of username and password or security certificate provided by the user. Additionally, the request contains information which the NAS knows about the user, such as its network address or phone number, and information regarding the user's physical point of attachment to the NAS.
Authorization
The RADIUS server checks that the information is correct using authentication schemes like PAP, CHAP or EAP. The user's proof of identification is verified, along with, optionally, other information related to the request, such as the user's network address or phone number, account status and specific network service access privileges. Historically, RADIUS servers checked the user's information against a locally stored flat file database. Modern RADIUS servers can do this, or can refer to external sources - commonly SQL, Kerberos, LDAP, or Active Directory servers - to verify the user's credentials.
The RADIUS server then returns one of three responses to the NAS: a "Nay" (Access Reject), a "Challenge" (Access Challenge) or a "Yea" (Access Accept).
Access Reject - The user is unconditionally denied access to all requested network resources. Reasons may include failure to provide proof of identification or an unknown or inactive user account.
Access Challenge - Requests additional information from the user such as a secondary password, PIN, token or card.
Access Accept - The user is granted access. Once the user is authenticated, the RADIUS server will often check that the user is authorized to use the network service requested. A given user may be allowed to use a company's wireless network, but not its VPN service, for example. Again, this information may be stored locally on the RADIUS server, or may be looked up in an external source like LDAP or Active Directory.
Authorization attributes are conveyed to the NAS stipulating terms of access to be granted.
Finally, if the user is both successfully authenticated and authorized, RADIUS can supply the NAS with additional parameters, such as
The specific IP address to be assigned to the user
The address pool from which the user's IP should be chosen
The maximum length of time that the user may remain connected
An access list, priority queue or other restrictions on a user's access
L2TP parameters
VLAN parameters
Quality of Service (QoS) parameters
Accounting
RADIUS is also commonly used for accounting purposes.
When network access is granted to the user by the NAS, an Accounting Start request is sent by the NAS to the RADIUS server to signal the start of the user's network access. "Start" records typically contain the user's identification, network address, point of attachment and a unique session identifier.
Periodically, Interim Accounting records may be sent by the NAS to the RADIUS server, to update it on the status of an active session. "Interim" records typically convey the current session duration and information on current data usage.
Finally, when the user's network access is closed, the NAS issues a final Accounting Stop record to the RADIUS server, providing information on the final usage in terms of time, packets transferred, data transferred, reason for disconnect and other information related to the user's network access.
The primary purpose of this data is that the user can be billed accordingly; the data is also commonly used for statistical purposes and for general network monitoring.
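As an added example (not code from the original post), the following Python model walks through the exchange described above on the wire: the NAS builds an Access-Request carrying the user's identity and a hidden User-Password, the server recovers the password and answers with an Access-Accept whose Response Authenticator binds it to the request, the NAS verifies that authenticator before trusting the answer, and the NAS then sends an Accounting-Request (Start/Interim/Stop) that the server can integrity-check. Framing, the User-Password hiding and the authenticator computations follow RFC 2865 and RFC 2866; the shared secret, usernames, addresses and session id are constructed values, and the function names are this example's own.

```python
import hashlib
import hmac
import os
import socket
import struct

# Packet codes (RFC 2865 / RFC 2866)
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
ACCOUNTING_REQUEST = 4
# Attribute types used below
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, FRAMED_IP_ADDRESS = 1, 2, 4, 8
ACCT_STATUS_TYPE, ACCT_SESSION_ID = 40, 44
ACCT_START, ACCT_STOP, ACCT_INTERIM_UPDATE = 1, 2, 3


def encode_attrs(attrs):
    """Serialise (type, value-bytes) pairs as RADIUS type/length/value triples."""
    out = b""
    for t, v in attrs:
        if len(v) > 253:  # one-byte length field covers the 2-byte header too
            raise ValueError("attribute value too long")
        out += struct.pack("!BB", t, len(v) + 2) + v
    return out


def decode_attrs(data):
    """Parse the attribute area; reject bad lengths rather than looping forever."""
    attrs, i = [], 0
    while i < len(data):
        t, l = struct.unpack("!BB", data[i:i + 2])  # struct.error if truncated
        if l < 2 or i + l > len(data):
            raise ValueError("malformed attribute length")
        attrs.append((t, data[i + 2:i + l]))
        i += l
    return attrs


def obfuscate_password(password, secret, authenticator):
    """NAS side: hide User-Password per RFC 2865 5.2 (MD5 keystream XOR chain)."""
    p = password.encode()
    p += b"\x00" * (-len(p) % 16)  # pad to a multiple of 16 octets
    out, prev = b"", authenticator
    for i in range(0, len(p), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(x ^ y for x, y in zip(p[i:i + 16], keystream))
        out, prev = out + block, block
    return out


def reveal_password(cipher, secret, authenticator):
    """Server side: undo the chain above and strip the NUL padding."""
    out, prev = b"", authenticator
    for i in range(0, len(cipher), 16):
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(cipher[i:i + 16], keystream))
        prev = cipher[i:i + 16]
    return out.rstrip(b"\x00").decode()


def build_access_request(ident, username, password, nas_ip, secret, authenticator=None):
    """NAS side: Access-Request with identity, hidden proof and what the NAS knows."""
    ra = os.urandom(16) if authenticator is None else authenticator  # Request Authenticator
    body = encode_attrs([
        (USER_NAME, username.encode()),
        (USER_PASSWORD, obfuscate_password(password, secret, ra)),
        (NAS_IP_ADDRESS, socket.inet_aton(nas_ip)),
    ])
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + ra + body


def build_response(code, request, secret, attrs):
    """Server side: Accept/Reject/Challenge; authenticator = MD5(hdr+ReqAuth+attrs+secret)."""
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", code, request[1], 20 + len(body))
    resp_auth = hashlib.md5(header + request[4:20] + body + secret).digest()
    return header + resp_auth + body


def verify_response(response, request, secret):
    """NAS side: discard any reply whose Response Authenticator does not recompute."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    header, given, body = response[:4], response[4:20], response[20:]
    expected = hashlib.md5(header + request[4:20] + body + secret).digest()
    return hmac.compare_digest(given, expected)


def build_accounting_request(ident, status, session_id, username, secret):
    """NAS side: Start/Interim/Stop record; authenticator is MD5 over the packet with a zeroed field."""
    body = encode_attrs([
        (ACCT_STATUS_TYPE, struct.pack("!I", status)),
        (ACCT_SESSION_ID, session_id.encode()),
        (USER_NAME, username.encode()),
    ])
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(body))
    return header + hashlib.md5(header + b"\x00" * 16 + body + secret).digest() + body


def verify_accounting_request(packet, secret):
    """Server side: recompute the Accounting-Request authenticator before billing on the record."""
    if len(packet) < 20:
        return False
    header, given, body = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(header + b"\x00" * 16 + body + secret).digest()
    return hmac.compare_digest(given, expected)
```

Two points worth noticing when running this: the Response Authenticator is what lets the NAS reject a reply that was not produced by a server holding the shared secret, so a NAS that skips `verify_response` will accept any Access-Accept that merely echoes the identifier; and the User-Password hiding is an MD5-derived XOR stream keyed by the shared secret, not encryption, which is why RADIUS exchanges are normally carried over a protected network path rather than the open internet.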
Thursday, April 10, 2008
3G Mobile phones
The most powerful handset to date from Sony Ericsson's Walkman range, the W890i packs HSDPA internet capabilities, a 3.2-megapixel camera and more.
Blackberry Pearl 8110 Review by 3G.co.uk
If you need 3G or a large display, look elsewhere, but this is probably the smallest mobile email device with a usable keyboard we’ve come across.
The Motorola U9 could easily have been just another clamshell phone with a snazzy finish but, thanks to the OLED and the choice of colours, it’s destined to stand out from the crowd.
3G Features
The most significant feature of 3G mobile technology is that it supports greater numbers of voice and data customers — especially in urban areas — and higher data rates at lower incremental cost than 2G.
3G uses radio spectrum in the bands identified by the ITU for Third Generation IMT-2000 mobile services, which is subsequently licensed to operators.
It also allows transmission at 384 kbit/s for mobile systems and 2 Mb/s for stationary systems. 3G users are expected to have greater capacity and better spectrum efficiency, which allows them to access global roaming between different 3G networks.
Tuesday, April 8, 2008
Ethereal: A Network Protocol Analyzer
Ethereal® is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements. It runs on all popular computing platforms, including Unix, Linux, and Windows.
Ethereal has a powerful filter engine that helps remove the noise from a packet trace and lets you see only the packets that interest you. If a packet meets the requirements expressed in your filter, then it is displayed in the list of packets. Display filters let you compare the fields within a protocol against a specific value, compare fields against fields, and check the existence of specified fields or protocols.
Filters are also used by other features such as statistics generation and packet list colorization (the latter is only available in Ethereal). The Ethereal manual page describes their syntax and provides a comprehensive reference of filter fields.
Download for various operating systems here ...
http://www.ethereal.com/download.html
Classes of GPRS
The class indicates the mobile phone capabilities.
Class A - Class A mobile phones can be connected to both GPRS and GSM services simultaneously.
Class B - Class B mobile phones can be attached to both GPRS and GSM services, using one service at a time. Class B enables making or receiving a voice call, or sending/receiving an SMS during a GPRS connection. During voice calls or SMS, GPRS services are suspended and then resumed automatically after the call or SMS session has ended.
Class C - Class C mobile phones are attached to either GPRS or GSM voice service. You need to switch manually between services.