RADIUS is a networking protocol that provides centralized Authentication, Authorization, and Accounting for users who connect and use a network service.
Description
Remote Authentication Dial In User Service (RADIUS) is a networking protocol that enables remote access servers to communicate with a central server to authenticate users and authorize their access to network services. In the context of Non-Human Identities (NHIs), RADIUS can be used to manage the access and permissions of devices, applications, and services that require authentication without human intervention. This includes IoT devices, automated systems, and various software applications that need to securely connect to networks. RADIUS works by sending user credentials from the client to the RADIUS server for verification; the server returns an accept or reject message based on the authentication outcome. Additionally, RADIUS supports accounting features that track user activity and resource usage, which is crucial for managing NHIs. Its extensibility and support for various authentication methods make RADIUS a versatile solution for securing non-human interactions within enterprise environments.
Examples
- An IoT device using RADIUS for secure network access.
- A cloud service authenticating API requests via RADIUS.
Additional Information
- RADIUS servers can integrate with existing directory services like LDAP.
- It supports protocols such as EAP (Extensible Authentication Protocol) for enhanced security.