New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere

New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere

Enlarge (credit: Getty Images)

RADIUS harkens back to the days of dial-in Internet and network access through public switched telephone networks. It has remained the de facto standard for lightweight authentication ever since and is supported in virtually all switches, routers, access points, and VPN concentrators shipped in the past two decades. Despite its early origins, RADIUS remains an essential staple for managing client-server interactions for:

  • VPN access
  • DSL and Fiber to the Home connections offered by ISPs,
  • Wi-Fi and 802.1X authentication
  • 2G and 3G cellular roaming
  • 5G Data Network Name authentication
  • Mobile data offloading
  • Authentication over private APNs for connecting mobile devices to enterprise networks
  • Authentication to critical infrastructure management devices
  • Eduroam and OpenRoaming Wi-Fi

RADIUS provides seamless interaction between clients—typically routers, switches, or other appliances providing network access—and a central RADIUS server, which acts as the gatekeeper for user authentication and access policies. The purpose of RADIUS is to provide centralized authentication, authorization, and accounting management for remote logins.

Read 25 remaining paragraphs | Comments

Article Tags:
Article Categories:
Technology