Securing Radius Communication; Radius-Based User Authentication In Url - AudioCodes Mediant 4000 SBC User Manual

Session border controllers
Hide thumbs Also See for Mediant 4000 SBC:
Table of Contents

Advertisement

CHAPTER 16    Services
4.
Configure RADIUS timeout handling:
a.
From the 'Behavior upon Authentication Server Timeout' drop-down list, select the option if
the RADIUS server does not respond within five seconds:
b.
In the 'Password Local Cache Timeout' field, enter a time limit (in seconds) after which the
username and password verified by the RADIUS server becomes invalid and a username
and password needs to be re-validated with the RADIUS server.
c.
From the 'Password Local Cache Mode' drop-down list, select the option for the local
RADIUS password cache timer:
5.
Configure when the Local Users table must be used to authenticate login users. From the 'Use
Local Users Database' drop-down list, select one of the following:
When No Auth Server Defined (default): When no RADIUS server is configured or if a
server is configured but connectivity with the server is down (if the server is up, the device
authenticates the user with the server).
Always: First attempts to authenticate the user using the Local Users table, but if not
found, it authenticates the user with the RADIUS server.
6.
Click Apply, and then reset the device with a save-to-flash for your settings to take effect.

Securing RADIUS Communication

RADIUS authentication requires HTTP basic authentication (according to RFC 2617). However,
this is insecure as the usernames and passwords are transmitted in clear text over plain HTTP.
Thus, as digest authentication is not supported with RADIUS, it is recommended that you use
HTTPS with RADIUS so that the usernames and passwords are encrypted. To enable the device
to use HTTPS, configure the 'Secured Web Connection (HTTPS)' parameter to HTTPS Only (see
Configuring Secured (HTTPS)

RADIUS-based User Authentication in URL

RADIUS authentication of the management user is typically done after the user accesses the Web
interface by entering only the device's IP address in the Web browser's URL field (for example,
http://10.13.4.12/) and then entering the username and password credentials in the Web interface's
login screen. However, authentication with the RADIUS server can also be done immediately after
the user enters the URL, if the URL also contains the login credentials. For example:
http://10.4.4.112/Form-
s/RadiusAuthentication?WSBackUserName=John&WSBackPassword=1234.
This feature allows up to five simultaneous users only.
Deny Access: device denies user login access.
Verify Access Locally: device checks the username and password configured
locally for the user in the Local Users table (see
Accounts), and if correct, allows access.
Reset Timer Upon Access: upon each access to a Web page, the timer resets
(reverts to the initial value configured in the previous step).
Absolute Expiry Timer: when you access a Web page, the timer doesn't reset, but
continues its count down.
Web).
Configuring Management User
- 214 -
Mediant 4000 SBC | User's Manual

Advertisement

Table of Contents
loading

Table of Contents