A service included with Internet Connection Services for Microsoft Remote Access Service (RAS) that ships with Microsoft Windows NT 4.0 Option Pack and Microsoft Windows 2000. The Internet Authentication Service (IAS) provides authentication and authorization services for remote users who connect to their corporate network. System administrators can also use IAS to monitor connection usage for corporate accounting and billing purposes.
IAS can record each authentication request and response, client logon time, client logoff time, and connection speed. This information can be stored and transferred to a database.
Graphic I-9. Internet Authentication Service (IAS).
IAS uses the Remote Authentication Dial-In User Service (RADIUS) protocol, which allows a network access server (NAS) to forward requests for authentication over the Internet. In a typical implementation, a remote user dials in to a NAS at the user’s Internet service provider (ISP) using the Point-to-Point Protocol (PPP). The NAS receives the authentication request packets from the remote user, packages them into RADIUS packets, and forwards them to an IAS server on the private corporate network.
The IAS server either maintains the actual database of users who are allowed to log on to the company network remotely, or uses the Security Accounts Manager (SAM) database on a corporate domain controller. Communication between the NAS and the IAS server involves a unique password called a “shared secret,” which secures the exchange of information between them and guarantees its integrity. If the IAS server authenticates the user, it sends a packet to the NAS to indicate this, and the NAS allows the user to establish a remote connection to the private corporate network.
IAS supports the Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), and Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) methods for authentication through PPP.
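The following sketch is an added example, not part of the original entry or of IAS itself. It shows how the RADIUS shared secret is used under RFC 2865: the NAS hides a PAP password with it, and the NAS verifies the server's reply through the Response Authenticator. The secret, password, identifier and attribute bytes are constructed sample values.

```python
import hashlib, hmac, os, struct

SECRET = b"constructed-shared-secret"   # constructed sample value

def _blocks(data):
    return [data[i:i + 16] for i in range(0, len(data), 16)]

def hide_password(password, secret, req_auth):
    """NAS side: hide a PAP password (RFC 2865, section 5.2)."""
    size = max(1, -(-len(password) // 16)) * 16      # pad to 16-byte blocks
    out, prev = b"", req_auth
    for block in _blocks(password.ljust(size, b"\x00")):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(block, key))
        out += prev
    return out

def unhide_password(hidden, secret, req_auth):
    """Server side: recover the password using the same secret."""
    out, prev = b"", req_auth
    for block in _blocks(hidden):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")

def build_response(code, ident, req_auth, attrs, secret):
    """Server side: Response Authenticator = MD5(header+ReqAuth+attrs+secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + req_auth + attrs + secret).digest() + attrs

def verify_response(packet, ident, req_auth, secret):
    """NAS side: accept a reply only if it matches our request and secret."""
    if len(packet) < 20:
        return False
    _, got_ident, length = struct.unpack("!BBH", packet[:4])
    if got_ident != ident or not 20 <= length <= len(packet):
        return False
    packet = packet[:length]                          # ignore trailing padding
    want = hashlib.md5(packet[:4] + req_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(want, packet[4:20])

def demo():
    req_auth = os.urandom(16)                         # Request Authenticator
    hidden = hide_password(b"constructed-password", SECRET, req_auth)
    accept = build_response(2, 7, req_auth, b"\x12\x09Welcome", SECRET)
    # An Access-Reject (code 3) relabelled as Access-Accept (code 2) in transit.
    forged = b"\x02" + build_response(3, 7, req_auth, b"", SECRET)[1:]
    return (unhide_password(hidden, SECRET, req_auth),
            verify_response(accept, 7, req_auth, SECRET),
            verify_response(forged, 7, req_auth, SECRET))
```

In base RADIUS the Access-Request itself carries no comparable keyed check, and both constructions depend on MD5 and on the strength of the secret, so the shared secret should be long and random.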