
Diameter addresses RADIUS flaws



You've heard of RADIUS, but what is Diameter?

RADIUS is a protocol to authenticate users who dial in to private networks, hence its full name: Remote Authentication Dial-in User Service.

Dial-in network access servers challenge callers for a user name and password, which are checked against a RADIUS server. But RADIUS has been used in ways for which it was never intended, and some say it is time for a new protocol.

One proposal is Diameter. "[The name] Diameter is really a joke that means RADIUS times two," says Pat Calhoun, a Sun engineer and the main author of the Diameter draft under consideration by the Internet Engineering Task Force (IETF).

Diameter can offer more secure authentication, authorization and accounting than RADIUS in some cases, Calhoun says. For instance, ISPs share dial-up points of presence with other ISPs. That way, an ISP's customers can travel from country to country and access the 'Net via local calls. But in this case, RADIUS has a shortcoming that makes Diameter attractive.

The cooperating ISPs use RADIUS checks to ensure that customers are authorized to use the distant POPs. Because the local network access server issues the challenge to customers, the local ISP that takes the call can capture valid challenge and response exchanges. Later, that ISP could use those valid exchanges to make it appear that customers are making calls when they are not. Dishonest ISPs could alter accounting that affects the bills charged for roaming Internet access.

Diameter sets up a challenge and response between a customer and the customer's home Diameter server. Intervening devices don't know that the packets include authentication data. Such a Diameter server could reside in a corporate net to handle authentication challenges for traveling employees.
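The difference between the two roaming designs described above can be modelled in a few lines. This is an added example, not code from the article or from the Diameter draft: the `HomeServer` class, its method names and the sample credential are hypothetical, the CHAP-style MD5 response (RFC 1994) is an assumed authentication method, and nothing here reproduces the RADIUS or Diameter wire format.

```python
import hashlib
import hmac
import os

SECRET = b"constructed-secret"  # constructed sample credential

def chap_response(ident, secret, challenge):
    """CHAP-style response (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class HomeServer:
    """Hypothetical model of the customer's home authentication server."""

    def __init__(self, secrets):
        self.secrets = secrets
        self.outstanding = {}  # challenge -> user; each entry is single use
        self.billed = []       # one accounting record per accepted login

    def _check(self, user, ident, challenge, response):
        expected = chap_response(ident, self.secrets[user], challenge)
        ok = hmac.compare_digest(expected, response)
        if ok:
            self.billed.append(user)
        return ok

    def verify_nas_challenge(self, user, ident, challenge, response):
        # Visited NAS chose the challenge: a recorded exchange looks fresh.
        return self._check(user, ident, challenge, response)

    def issue_challenge(self, user):
        challenge = os.urandom(16)
        self.outstanding[challenge] = user
        return challenge

    def verify_home_challenge(self, user, ident, challenge, response):
        # pop() consumes the challenge, so a second use is refused.
        if self.outstanding.pop(challenge, None) != user:
            return False
        return self._check(user, ident, challenge, response)

def demo():
    home = HomeServer({"alice": SECRET})
    nas_chal = os.urandom(16)  # challenge picked by the visited ISP's NAS
    seen = ("alice", 1, nas_chal, chap_response(1, SECRET, nas_chal))
    nas_path = [home.verify_nas_challenge(*seen) for _ in range(2)]
    chal = home.issue_challenge("alice")  # challenge picked by the home server
    seen = ("alice", 2, chal, chap_response(2, SECRET, chal))
    home_path = [home.verify_home_challenge(*seen) for _ in range(2)]
    return nas_path, home_path, len(home.billed)
```

`demo()` returns the accept/reject result for each exchange submitted twice under both designs, plus the number of accounting records created, which is where the billing discrepancy shows up.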

Diameter can also be used to authenticate and authorize users of Code Division Multiple Access (CDMA) wireless data services. Employees using portable CDMA devices would seek authorization to use a carrier's CDMA net. The request would be forwarded to a Diameter server within the net of the firm paying for the service. The server would accept or reject the request.

- Tim Greene



Copyright, 1994-2006 Network World, Inc. All rights reserved.