Authentication, Authorisation, Accounting

Authentication, Authorisation, Accounting

RADIUS (Remote Authentication Dial-In User Service) is an important method to protect the enterprise network from cyberattacks. RADIUS provides for certificate-based and mutual authentication of the client and the network. 

RADIUS is a networking protocol providing centralised Authentication, Authorisation, and Accounting (AAA) management for users who connect to and use a network. The concept of 3 A's increases security, enhances reporting and tracking capabilities and assigns individual users with unique network permissions. 

When a user connects to the network, RADIUS authenticates their identity before authorising them to access the network. The authorisation is done after enrolling on a certificate from the PKI or when the user credentials are confirmed. Only users with the correct certification or credentials are granted access to the network.


Certificate-Based Validation Using EAP-TLS Authentication

EAP-TLS is a certificate-based protocol and is considered one of the most secure EAP standards. It requires both server and client-side digital certificates for establishing a connection. The digital certificate must be signed by a CA trusted by both the client and the server. 

EAP authentication method ensures that users' information sent over the air is encrypted and avoids interception. This approach provides higher security to the EAP-TLS method. If an intruder somehow managed to compromise the password, it would still require hacking the client-side certificate.


EAP-TLS provides several features that prevent from cyberattacks. EAP-TLS and RADIUS enhance the security level even further. EAP-TLS uses electronic certificates, providing a far stronger authentication. With this authentication method, an electronic certificate is installed on the client to reject the connection from unauthorised devices. This solves the risks of getting trapped by the infamous Man-in-the-Middle. A compromised password is not enough to break into EAP-TLS enabled systems because the intruder still needs to have the client-side certificate. 

The disadvantage of EAP-TLS is the distribution of electronic certificates to each client, and certificates must be managed on both the client and server sides. Soliton developed NetAttest EPS in combination with Soliton KeyManager to generate and distribute certificates in only three clicks.


Agentless & No Vendor Lock-in

RADIUS conforms to the RFC standard allowing NetAttest EPS to integrate and communicate with any network infrastructure component, such as switches and access points. By default, RADIUS eliminates the need for agents and avoids vendor lock-in. Unlike other NAC solutions, NetAttest EPS is not built on proprietary features in the RADIUS, offering flexibility and seamless integration into any existing infrastructures.

Contact us to find out more