Why SBCs Need Remote Access?
Session border controllers are typically deployed at the border of a network to manage and control the flow of media and signaling between different networks. With remote access, administrators can efficiently manage and configure SBCs without being physically present on-site. Secure and efficient access authorization and diverse protection methods are essential for remote access. DINSTAR SBCs utilize the AAA management mechanism to ensure security.
What is AAA?
AAA stands for Authentication, Authorization, and Accounting, which is a security mechanism used for access control in network security. It provides three essential security services: authentication, authorization, and accounting. AAA takes advantage of protocols such as RADIUS, TACACS, TACACS+, and HWTACACS to accomplish the features.
The differences between TACACS+ and RADIUS
TACACS+ |
RADIUS |
It uses TCP as a transmission protocol |
It uses UDP as a transmission protocol |
All the AAA packets are encrypted. |
Only the password is encrypted while the other information such as username, accounting information, etc are not encrypted.
|
Separates all 3 elements of AAA, making it more flexible. |
Combines authentication & authorization |
Used for device administration |
Used for network access |
Send log messages of command operations, connection events, and system-level events to the server for archiving |
Events log is not supported |
Proprietary protocol |
Open standard protocol |
DINSTAR Session border controllers all support TACACS+ and RADIUS authentication protocols.
TACACS+/RADIUS Authentication Process
TACACS+ Authentication Process of SBC
RADIUS Authentication Process of SBC
The Benefits of TACACS+/RADIUS for SBC Remote Access
The network environment and devices of NGN and IMS are complex and diverse, requiring a unified platform for management and maintenance.
TACACS+/RADIUS provides authentication, authorization, and accounting services for SBCs in NGN and IMS networks, further enhancing network security.
DINSTAR SBCs support multiple authentication methods, ensuring enhanced security while accommodating various networking environment requirements.
SBC Configuration for TACACS+/RADIUS
To let SBC would be able to support remote access by TACACS+/RADIUS, first, users have to enable the features. How to enable the authentication, please go to Security → Web authentication configuration → Authentication strategy.
How to enable the TACACS, please go to Security → Web authentication configuration → Tacacs Authentication configuration.
How to enable the Radius, please go to Security → Web authentication configuration → Radius configuration.
Conclusion
TACACS+ and RADIUS are very powerful security feature supports for remote access users. In the deployment of SBC devices, remote access control can also be achieved through TACACS+ and RADIUS. Through such security control, Dinstar SBC can fully ensure the security of remote user access.