How to Securely Access SBC from Remote Side through TACACS+ and RADIUS

  • Why SBCs Need Remote Access?
    Session border controllers are typically deployed at the border of a network to manage and control the flow of media and signaling between different networks. With remote access, administrators can efficiently manage and configure SBCs without being physically present on-site. Secure and efficient access authorization and diverse protection methods are essential for remote access. DINSTAR SBCs utilize the AAA management mechanism to ensure security.
    What is AAA?
    AAA stands for Authentication, Authorization, and Accounting, which is a security mechanism used for access control in network security. It provides three essential security services: authentication, authorization, and accounting. AAA takes advantage of protocols such as RADIUS, TACACS, TACACS+, and HWTACACS to accomplish the features.
    The differences between TACACS+ and RADIUS
      TACACS+ RADIUS
      It uses TCP as a transmission protocol It uses UDP as a transmission protocol
      All the AAA packets are encrypted. Only the password is encrypted while the other information such as username, accounting information, etc are not encrypted.
      Separates all 3 elements of AAA, making it more flexible. Combines authentication & authorization
      Used for device administration Used for network access
      Send log messages of command operations, connection events, and system-level events to the server for archiving Events log is not supported
      Proprietary protocol Open standard protocol
    DINSTAR Session border controllers all support TACACS+ and RADIUS authentication protocols.
    TACACS+/RADIUS Authentication Process TACACS_1.png
    TACACS+ Authentication Process of SBC TACACS_2.png
    RADIUS Authentication Process of SBC TACACS_3.png
    The Benefits of TACACS+/RADIUS for SBC Remote Access
    The network environment and devices of NGN and IMS are complex and diverse, requiring a unified platform for management and maintenance.
    TACACS+/RADIUS provides authentication, authorization, and accounting services for SBCs in NGN and IMS networks, further enhancing network security.
    DINSTAR SBCs support multiple authentication methods, ensuring enhanced security while accommodating various networking environment requirements.
    SBC Configuration for TACACS+/RADIUS
    To let SBC would be able to support remote access by TACACS+/RADIUS, first, users have to enable the features. How to enable the authentication, please go to Security → Web authentication configuration → Authentication strategy.
    web config.png
    How to enable the TACACS, please go to Security → Web authentication configuration → Tacacs Authentication configuration.
    Tacacs configuration.png
    How to enable the Radius, please go to Security → Web authentication configuration → Radius configuration.
    Tacacs configuration.png
    Conclusion
    TACACS+ and RADIUS are very powerful security feature supports for remote access users. In the deployment of SBC devices, remote access control can also be achieved through TACACS+ and RADIUS. Through such security control, Dinstar SBC can fully ensure the security of remote user access.