RADIUS - Incorrect Statements and Solutions

RADIUS Misconceptions and Fixes

Question

Which of the following statements pertaining to RADIUS is incorrect:

Explanations

D.

This is the correct answer because it is FALSE.

Diameter is an AAA (authentication, authorization and accounting) protocol for computer networks, and it is a successor to RADIUS.

The name is a pun on the RADIUS protocol, which is the predecessor (a diameter is twice the radius).

The main differences are as follows:

- Reliable transport protocols (TCP or SCTP, not UDP)
  - The IETF is in the process of standardizing TCP Transport for RADIUS
- Network or transport layer security (IPsec or TLS)
  - The IETF is in the process of standardizing Transport Layer Security for RADIUS
- Transition support for RADIUS, although Diameter is not fully compatible with RADIUS
- Larger address space for attribute-value pairs (AVPs) and identifiers (32 bits instead of 8 bits)
- Client-server protocol, with exception of supporting some server-initiated messages as well
- Both stateful and stateless models can be used
- Dynamic discovery of peers (using DNS SRV and NAPTR)
- Capability negotiation
- Supports application layer acknowledgements, defines failover methods and state machines (RFC 3539)
- Error notification
- Better roaming support
- More easily extended; new commands and attributes can be defined
- Aligned on 32-bit boundaries
- Basic support for user-sessions and accounting

A Diameter Application is not a software application, but a protocol based on the Diameter base protocol (defined in RFC 3588).

Each application is defined by an application identifier and can add new command codes and/or new mandatory AVPs. Adding a new optional AVP does not require a new application.

Examples of Diameter applications:

- Diameter Mobile IPv4 Application (MobileIP, RFC 4004)
- Diameter Network Access Server Application (NASREQ, RFC 4005)
- Diameter Extensible Authentication Protocol (EAP) Application (RFC 4072)
- Diameter Credit-Control Application (DCCA, RFC 4006)
- Diameter Session Initiation Protocol Application (RFC 4740)
- Various applications in the 3GPP IP Multimedia Subsystem

All of the other choices presented are true. So Diameter is backward compatible with RADIUS (to some extent) but the opposite is false.
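The attribute-encoding differences listed above (8-bit RADIUS type and length fields versus 32-bit, 4-byte-aligned Diameter AVPs) are one concrete reason a RADIUS parser cannot read Diameter data as-is. The following is an added example, not taken from the cited references: the function names and the sample User-Name value are constructed, and the field layouts follow RFC 2865 (RADIUS) and RFC 3588 (Diameter).

```python
import struct

# Constructed sample: User-Name is type 1 in RADIUS (RFC 2865) and AVP code 1 in Diameter.
USER_NAME = 1
FLAG_VENDOR, FLAG_MANDATORY = 0x80, 0x40

def radius_attr(attr_type: int, value: bytes) -> bytes:
    """RADIUS attribute: 1-byte type, 1-byte length (header included), value."""
    if not 0 < attr_type < 256 or len(value) > 253:
        raise ValueError("does not fit RADIUS's 8-bit type/length fields")
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def diameter_avp(code: int, value: bytes, flags: int = FLAG_MANDATORY) -> bytes:
    """Diameter AVP: 32-bit code, 8-bit flags, 24-bit length, value padded to 4 bytes."""
    length = 8 + len(value)                      # length excludes padding
    header = struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
    return header + value + b"\x00" * (-length % 4)

def parse_radius(buf: bytes):
    """Return [(type, value), ...], rejecting malformed lengths."""
    out, i = [], 0
    while i < len(buf):
        if len(buf) - i < 2:
            raise ValueError("truncated attribute header")
        t, l = buf[i], buf[i + 1]
        if l < 2 or i + l > len(buf):
            raise ValueError("bad attribute length")
        out.append((t, buf[i + 2:i + l]))
        i += l
    return out

def parse_diameter(buf: bytes):
    """Return [(code, flags, value), ...], rejecting malformed lengths."""
    out, i = [], 0
    while i < len(buf):
        if len(buf) - i < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", buf, i)
        length = int.from_bytes(buf[i + 5:i + 8], "big")
        hdr = 12 if flags & FLAG_VENDOR else 8   # Vendor-ID follows when V is set
        if length < hdr or i + length > len(buf):
            raise ValueError("bad AVP length")
        out.append((code, flags, buf[i + hdr:i + length]))
        i += length + (-length % 4)              # skip padding to the 32-bit boundary
    return out
```

The same User-Name value takes 7 bytes as a RADIUS attribute and 16 bytes as a Diameter AVP, and each parser rejects the other's encoding, so moving between the two requires a translation step.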

Reference(s) used for this question: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 2, 2001, CRC Press, NY, Page 38, and https://secure.wikimedia.org/wikipedia/en/wiki/Diameter_%28protocol%29

RADIUS (Remote Authentication Dial-In User Service) is a client/server protocol used to provide centralized authentication, authorization, and accounting management for users who connect and use network services, such as remote access servers, wireless access points, and VPNs.

Let's go through each of the options to identify which statement is incorrect.

A. A RADIUS server can act as a proxy server, forwarding client requests to other authentication domains.

This statement is true. A RADIUS server can act as a proxy server, forwarding authentication requests from clients to other authentication domains such as LDAP, Active Directory, or another RADIUS server.

B. Most of RADIUS clients have a capability to query secondary RADIUS servers for redundancy.

This statement is true. Many RADIUS clients support failover to secondary RADIUS servers to ensure redundancy in the event of a primary RADIUS server failure.

C. Most RADIUS servers have built-in database connectivity for billing and reporting purposes.

This statement is also true. Many RADIUS servers have built-in database connectivity for billing and reporting purposes, allowing administrators to track and report on network usage.

D. Most RADIUS servers can work with DIAMETER servers.

This statement is incorrect. While both RADIUS and DIAMETER are authentication protocols used in network access control, they are not interoperable. RADIUS and DIAMETER are two separate protocols, and most RADIUS servers cannot work with DIAMETER servers.

Therefore, the incorrect statement is D. Most RADIUS servers can work with DIAMETER servers.