How Does a NAS (Network Access Server) Work?
A NAS is a gateway to a wider world of resources for a user. That person must move through the NAS and pass any authentication tests before accessing the resources they need.
You have probably used a NAS even if you didn't realise it. Many years ago, you likely needed to wait for your computer to move through a series of beeps and buzzes before you could reach the internet. That dial-up process was handled by a NAS. (And believe it or not, 2.1 million people still use dial-up systems like this at home right now.)
A dial-up process looks like this:
- Modem connection: The person starts up the computer, connects the modem, and opens a line of communication.
- Modem to NAS: The modem sends your password and username to the NAS.
- Authentication: Once the NAS verifies your access, a window to the internet opens, and you can reach another server.
The NAS has a simple, but crucial, job here. The user's credentials must be verified to ensure proper access. And the NAS must open a gateway, so the user can read another server. Without a network access server, none of that work gets done.
You may not hear similar beeps and clicks when you log into the internet from a computer at work, but the process remains the same. Your request passes through an NAS to verify and grant access.
If you've ever used a printer on the network, you've probably used a NAS too. Your computer connects to the network access server, which verifies that you're approved to connect, and then you can start your print job.
NAS Examples
We've offered a few examples of NAS deployments. But there a number of functions for network access servers, from connecting directly to the internet to using internet-supported services for direct communication.
Common network access server functions include:
- Internet service providers (ISPs). One of the major functions of a NAS is to serve as the gateway to protected remote resources. As such, most are servers that enable ISPs to give their customers access to the internet.
ISPs that supply internet access via modem-like devices, such as cable or DSL, use NAS devices that accept point-to-point protocol, point-to-point tunnelling protocol, or point-to-point protocol over ethernet connections for authentication purposes.
- Communication applications (VoIP). The network access server uses credentials, such as IP addresses or phone numbers, to authenticate users rather than individual usernames and passwords. If the phone number belongs to a valid, active customer — and has specific properties, such as minutes left or long-distance access — the NAS will allow the call to be completed.
A network access server can also support network management and optimisation processes, such as load balancing, network resource management, and user sessions.
- Virtual private network (VPN). These connections give remote users access to a private network. In enterprise settings, VPNs allow employees to securely connect to the business’s network and access the resources they need regardless of their location. This is particularly useful for companies that have flexible workplace policies or a mobile workforce.
A VPN typically consists of two components: a network access server combined with client software. Within that structure, the NAS authenticates employees as they connect to the VPN via the internet. These systems require strong security, as about 69 per cent of VPN users use mobile devices to connect.
Most network access server systems work with authentication, authorisation, and accounting services using the RADIUS protocol. This system typically runs in the background, and it helps to manage network access quickly and efficiently.
How Okta RADIUS Server Agent Can Help
The rapidly evolving security landscape has rendered servers and networks particularly vulnerable to hackers. Due to their sensitive nature and their high level of privileges, server credentials are frequent targets of exploits. Even large organisations have dealt with issues like this recently.
Okta RADIUS can help by providing authentication and authorisation functionality.
To ensure network security, enterprises can leverage the Okta RADIUS Server Agent to support authentication for VPN devices, virtual desktops, and network appliances that don’t support Security Assertion Markup Language (SAML).
The Okta RADIUS Server Agent installs as a Windows service and uses Multi-Factor Authentication (MFA) to delegate authentication to Okta. It defaults to port 1812 and currently supports UDP and the Password Authentication Protocol (PAP). In this way, organisations can rest assured that their VPN connections are secure and their data remains protected.
Resources
OMG: 2.1 Million People Still Use AOL Dialup. (May 2015). CNN.
VPN Statistics: What the Numbers Tell Us About VPNs. (July 2020). Comparitech.