We have already looked at authentication and authorization. In this third article, we’ll take a look at the accounting process, the process of monitoring and recording a client’s use of the network, and we’ll describe why it’s essential that the RADIUS server monitors user activity on the network.
RADIUS security is composed of three components: authentication, authorization, and accounting. These three links in the RADIUS security chain are often referred to by their acronym, “AAA”.
The first article in our series described the authentication process, whereby the RADIUS server prevents unauthorized users from accessing the system.
The second article described the authorization process, whereby the RADIUS server restricts what each user can and cannot do while logged into the system.
Advantages of RADIUS Accounting
Users are authenticated on the network through the process of authentication, and their activities, once logged on, are restricted by the process of authorization. So what purpose does RADIUS accounting serve?
There are several reasons to use RADIUS accounting:
RADIUS accounting records the logon and logoff time of each user, so it’s possible to correlate network access with malfunctions, security breaches, and other problems. If something untoward happens on a network, RADIUS accounting can show what clients were logged on at the time.
RADIUS accounting can provide metrics on network usage. Usage trends can be tracked and used in capacity planning, scheduling planned outages, or organizing help desk on-call availability.
Remember that the “DI” in RADIUS stands for “dial-in”? Although not a major concern for most networks anymore, some networks may still charge their users according to the time they spend on the network. Back when dial-up was the only access available for consumers, RADIUS accounting was used by ISPs to track and bill for their customers’ For any network that bills for access time, RADIUS accounting is still the way to go.
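The first reason above, correlating logon and logoff times with an incident, is worked through in the following added example (not code from the original article or from FreeRADIUS). It rebuilds sessions from accounting Start and Stop records and lists who was online at a given moment, including when a Start or Stop packet was lost. It assumes records in the text layout of a FreeRADIUS detail file with an epoch `Timestamp` attribute; the users, session IDs and times are constructed, and the function names are hypothetical.

```python
import time

# Constructed sample rows (not real data):
# (user, Acct-Status-Type, Acct-Session-Id, epoch Timestamp, Acct-Session-Time)
ROWS = [
    ("alice", "Start", "a1", 1741078800, None),  # 09:00 UTC
    ("bob",   "Start", "b7", 1741079400, None),  # 09:10, Stop never received
    ("alice", "Stop",  "a1", 1741080600, 1800),  # 09:30
    ("carol", "Start", "c3", 1741081200, None),  # 09:40
    ("dave",  "Stop",  "d9", 1741081800, 2400),  # 09:50, Start was lost
]

def render_detail(rows):
    """Lay rows out like a detail file: header line, tab-indented pairs, blank line."""
    recs = []
    for user, status, sid, ts, dur in rows:
        pairs = [f'User-Name = "{user}"', f"Acct-Status-Type = {status}",
                 f'Acct-Session-Id = "{sid}"', f"Timestamp = {ts}"]
        if dur is not None:
            pairs.append(f"Acct-Session-Time = {dur}")
        recs.append(time.asctime(time.gmtime(ts)) + "".join("\n\t" + p for p in pairs))
    return "\n\n".join(recs) + "\n"

def parse_detail(text):
    """Yield one dict of attribute -> value per accounting record."""
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines()[1:]:  # skip the human-readable header line
            key, _, val = line.strip().partition(" = ")
            rec[key] = val.strip('"')
        yield rec

def sessions(records):
    """Map session id -> [user, start, stop]; stop stays None while the session is open.
    Simplification: real session ids are only unique per NAS, so key on both there."""
    out = {}
    for r in records:
        ts = int(r["Timestamp"])
        s = out.setdefault(r["Acct-Session-Id"], [r["User-Name"], None, None])
        if r["Acct-Status-Type"] == "Start":
            s[1] = ts
        elif r["Acct-Status-Type"] == "Stop":
            s[2] = ts
            if s[1] is None:  # Start was lost: derive it from the session length
                s[1] = ts - int(r.get("Acct-Session-Time", 0))
    return out

def online_at(sess, when):
    """Users whose session covers the epoch time `when`."""
    return sorted(u for u, start, stop in sess.values()
                  if start is not None and start <= when and (stop is None or when < stop))
```

A session with no Stop is reported as still online, which is the conservative reading when investigating an incident.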
Need more help?
InkBridge Networks has been helping clients around the world design and deploy their RADIUS infrastructure for 20 years. We specialize in complex systems and have seen pretty much every variation and problem out there. If you want help from the people who wrote FreeRADIUS, visit our quote page to contact us for a consultation.