
Diameter addresses RADIUS flaws



You've heard of RADIUS, but what is Diameter?

RADIUS is a protocol to authenticate users who dial in to private networks, hence its full name: Remote Authentication Dial-in User Service.

Dial-in network access servers challenge callers for a user name and password, which are checked against a RADIUS server. But RADIUS has been used in ways for which it was never intended, and some say it is time for a new protocol.

One proposal is Diameter. "[The name] Diameter is really a joke that means RADIUS times two," says Pat Calhoun, a Sun engineer and the main author of the Diameter draft under consideration by the Internet Engineering Task Force (IETF).

Diameter can offer more secure authentication, authorization and accounting than RADIUS in some cases, Calhoun says. For instance, ISPs share dial-up points of presence with other ISPs. That way, an ISP's customers can travel from country to country and access the 'Net via local calls. But in this case, RADIUS has a shortcoming that makes Diameter attractive.

The cooperating ISPs use RADIUS checks to ensure that customers are authorized to use the distant POPs. Because the local network access server issues the challenge to customers, the local ISP that takes the call can capture valid challenge and response exchanges. Later, that ISP could use those valid exchanges to make it appear that customers are making calls when they are not. Dishonest ISPs could alter accounting that affects the bills charged for roaming Internet access.

Diameter sets up a challenge and response between a customer and the customer's home Diameter server. Intervening devices don't know that the packets include authentication data. Such a Diameter server could reside in a corporate net to handle authentication challenges for traveling employees.
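The difference between the two designs can be seen in a simplified model, added here as an illustration and not taken from the RADIUS or Diameter specifications. It assumes a shared secret per user and uses HMAC-SHA256 as a stand-in for the protocols' own response computation; `HomeServer` and its method names are hypothetical.

```python
import hashlib
import hmac
import secrets

def response(secret: bytes, challenge: bytes) -> bytes:
    """Client's answer to a challenge (HMAC-SHA256 is an assumed stand-in)."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()

class HomeServer:
    """Hypothetical home authentication server holding per-user secrets."""
    def __init__(self, users):
        self.users = users      # username -> shared secret
        self.pending = {}       # username -> challenge this server issued

    # Relayed model: the visited access server chose the challenge, so the
    # home server sees only (challenge, response) and cannot judge freshness.
    def verify_relayed(self, user, challenge, resp):
        return hmac.compare_digest(response(self.users[user], challenge), resp)

    # End-to-end model: the home server issues a single-use challenge itself.
    def issue_challenge(self, user):
        self.pending[user] = secrets.token_bytes(16)
        return self.pending[user]

    def verify_end_to_end(self, user, challenge, resp):
        expected = self.pending.pop(user, None)   # consumed on first use
        if expected is None or not hmac.compare_digest(expected, challenge):
            return False
        return hmac.compare_digest(response(self.users[user], challenge), resp)

def demo():
    secret = b"constructed-shared-secret"         # constructed sample value
    home = HomeServer({"alice": secret})

    # Relayed model: the exchange recorded at the visited POP verifies again.
    nas_challenge = secrets.token_bytes(16)
    recorded = (nas_challenge, response(secret, nas_challenge))
    relayed_first = home.verify_relayed("alice", *recorded)
    relayed_replay = home.verify_relayed("alice", *recorded)

    # End-to-end model: the same recorded pair is rejected on reuse, both
    # immediately and after the server has issued a fresh challenge.
    challenge = home.issue_challenge("alice")
    pair = (challenge, response(secret, challenge))
    e2e_first = home.verify_end_to_end("alice", *pair)
    e2e_replay = home.verify_end_to_end("alice", *pair)
    home.issue_challenge("alice")
    e2e_stale = home.verify_end_to_end("alice", *pair)
    return relayed_first, relayed_replay, e2e_first, e2e_replay, e2e_stale

if __name__ == "__main__":
    print(demo())
```

When the home server tracks the challenges it issued, accounting records can be tied to exchanges it knows are fresh rather than to whatever the visited network forwards.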

Diameter can also be used to authenticate and authorize users of Code Division Multiple Access (CDMA) wireless data services. Employees using portable CDMA devices would seek authorization to use a carrier's CDMA net. The request would be forwarded to a Diameter server within the net of the firm paying for the service. The server would accept or reject the request.

- Tim Greene

