Remote Authentication
Remote authentication means that a host runs a remote access server or terminal server that accepts login requests initiated via another host over a network.
- typically used in two scenarios:
- Authenticating with a cloud provider or web host or joining a virtual private network (VPN)
- With a VPN, remote user connects to a remote access server on the perimeter of the private network
- Authenticating with a different host over a private network
- Administrators commonly need to manage switches, routers, and servers
- instead of going to device and start local console session
- they use SSH or RDP to start a session over the network
- from management computer
- target device must be running an SSH server service or RDP terminal access server
- Administrators commonly need to manage switches, routers, and servers
- Authenticating with a cloud provider or web host or joining a virtual private network (VPN)
- storing credentials on the remote access server is a risk:
- If access server is on the network edge, it is more vulnerable to attacks
- if there are multiple access servers,
- difficult to synchronize accounts, credentials, and SSO authorizations
- To mitigate these issues,
- remote access usually uses an authentication, authorization, and accounting (AAA) architecture:
- Supplicant
- device requesting access
- e.g., user’s PC
- Network access server (NAS) or network access point (NAP)
- edge network appliances
- e.g., switches, APs, VPN gateways
- referred to as AAA clients or authenticators
- edge network appliances
- AAA server
- authentication server
- positioned within local network
- holds either:
- database of accounts and credentials
- or has access to a directory server that can authenticate requests and issue SSO authorizations
- two main types:
- Supplicant
- remote access usually uses an authentication, authorization, and accounting (AAA) architecture: