Deploying RADIUS: Auditing

Auditing

Recently, a fourth ``A'' has been added to AAA services: auditing. This term describes the pro-active analysis of accounting data and information such as the previously mentioned sFlow or NetFlow to make additional conclusions about user behavior. Auditing is a long-term process that is done as part of basic maintenance, and can give insight as to when user behavior does not match site policy, or when site policy has to be updated.

For example, a user may have logged into a particular server when the intent of the site policy was to deny that user access to that server. An audit of the AAA records would indicate that an authenticated user was authorized to access that server. However, since the intent was to deny that user access, the audit would indicate that the site policy has to be updated. Once the policy was updated, further audits would monitor long-term behavior, to see if the policy was, in fact, being enforced.

Auditing can serve an additional purpose, which is to determine if the NASes are enforcing the authorization policies sent to them. This analysis can potentially indicate when a NAS has been compromised.

Welcome!

RADIUS implementations can be complicated. This site contains a collection of hints, documentation, and information for people who are using RADIUS.

Site news:

How to perform an initial setup of the server.

Configuring PAP as step one to getting the server up and running with your local policy.

Authenticating against Active Directory is a common deployment of FreeRADIUS

The protocol compatibility matrix shows which authentication protocols are compatible with what password storage scheme.

FreeRADIUS HowTos

Auditing

Welcome!

Pages:

Site news:

Links: