What Does RADIUS Mean?
RADIUS is a client/server protocol that allows an end user to access a proprietary network resource remotely.
RADIUS, which stands for Remote Authentication Dial-In User Service, was developed back in the 1990s to provide centralized authentication, authorization and accounting (AAA) management services for local network resources such as routers and switches.
The protocol has proven to be so versatile, however, that cloud providers are experimenting with ways RADIUS can be used to support Zero Trust Network Access (ZTNA) and limit the risks associated with over-the-air attacks on wireless networks and virtual private networks (VPNs).
Techopedia Explains RADIUS
RADIUS is a critical part of many network security systems, and understanding how it works is essential for anyone who is responsible for managing a network. RADIUS is a standards-based protocol, which means that it is defined by an Internet Engineering Task Force (IETF) specification.
How the Radius protocol works
When an end user tries to connect to a RADIUS client, the client sends a request to the RADIUS Server. (A RADIUS client can be any networking device used to authenticate users at the application layer.) Once the RADIUS server authenticates the end user's credentials, permission for the end user to connect to the RADIUS client will be granted.
RADIUS uses UDP as its transport protocol. UDP is a connectionless protocol, which means that each packet is sent independently and does not require a connection to be established beforehand. This makes RADIUS very scalable, because it can support a large number of clients without requiring a lot of server resources. To ensure that packets are delivered reliably, RADIUS uses error correction.
The cloud delivery model for RADIUS can reduce an organization's capital expenditures (CapEx) because it passes the cost of purchasing and maintaining RADIUS server infrastructure to a third-party cloud provider.
Examples of cloud RADIUS-as-a-Service vendors include:
Portnox – known for making it easy to set up time-sensitive guest access rights for specific URLs and IP addresses.