April 14, 2008

CISSP All-In-One Study Guide: Diameter Protocol

One of the most recognizable and important books in the information security field has been updated and released. The book (CISSP All-In-One Study Guide) is commonly referred to as the information security bible and is used all over the world to study for the CISSP exam, but more importantly it is used continually as a resource by security professionals because it covers all of the elements needed to develop and maintain a security program for any organization. Some of the new items that this book, and its corresponding CISSP course, dive into are technologies which are just starting to mature in the industry and are therefore still confusing to thousands of people. One of the items that is fully covered in the book and its extensive course is the Diameter protocol.

Diameter, one of the newer AAA protocols, is unknown to many security professionals, but it is quietly spreading and will soon be as well understood as RADIUS and TACACS+. Diameter was developed to build upon the functionality of RADIUS and overcome many of its limitations: RADIUS runs over UDP with no reliable delivery or failover, protects only the password attribute with its shared secret, limits each attribute to 255 bytes, and has no way for a server to initiate a message to a client. Diameter runs over a reliable transport (TCP or SCTP), expects TLS or IPsec between peers, carries attributes of up to 16 MB, and lets either peer send requests. Its creators called it Diameter as a play on the name RADIUS: a diameter is twice the radius.

Diameter is another AAA protocol that provides the same type of functionality as RADIUS and TACACS+ but also provides more flexibility and capabilities to meet the demands of today's complex and diverse networks. At one time, all remote communication took place over PPP and SLIP connections and users authenticated themselves through PAP or CHAP. Those were simpler, happier times when our parents had to walk uphill both ways to school wearing no shoes. As with life, technology has become much more complicated and there are more devices and protocols to choose from than ever before. Today, we want our wireless devices and smart phones to be able to authenticate themselves to our networks, and we use roaming protocols, Mobile IP, PPP over Ethernet (PPPoE), Voice over IP (VoIP), and other crazy stuff that the traditional AAA protocols cannot keep up with. So in came the smart people with a new AAA protocol, Diameter, that can deal with these issues and many more.

The Diameter protocol consists of two portions, as shown in the graphic below. The first is the base protocol, which defines the message and AVP formats, the transport and peer-to-peer security expectations (TLS or IPsec between peers), the capabilities exchange in which two peers discover which applications and protocol version each supports, and error handling. The second is the set of extensions, called Diameter applications, which are built on top of the base protocol so that particular technologies (network access, Mobile IP, and so on) can use Diameter for authentication, authorization, and accounting.

[Figure: diameter protocol]

Mobile IP is a technology that allows a user to move from one network to another and still use the same IP address. It extends IP by giving the user a home address, associated with his home network, and a care-of address that changes as he moves from one network to the next. All traffic addressed to his home address is forwarded to his care-of address.

Before Diameter, the IETF had individual working groups define how Voice over IP (VoIP), Fax over IP (FoIP), Mobile IP, and remote authentication protocols each handled AAA. Defining and implementing these separately in a network easily results in confusion and interoperability problems: customers have to roll out and configure several different policy servers, and the cost rises with each added service. Diameter instead provides a base protocol, which defines the header format, security options, commands, and AVPs (attribute-value pairs, the units in which all Diameter data is carried). Extensions built on this base protocol tie in other services, such as VoIP, FoIP, Mobile IP, wireless, and cell phone authentication, so Diameter can serve as the one AAA protocol for all of these different uses.

As an analogy, consider a scenario in which ten people all need to get to the same hospital, which is where they all work. They all have different jobs (doctor, lab technician, nurse, janitor, and so on), but they all need to end up at the same location. So, they can either all take their own cars and their own routes to the hospital, which takes up more hospital parking space and requires the gate guard to authenticate each and every car, or they can take a bus. The bus is the common element (base protocol) to get the individuals (different services) to the same location (networked environment). Diameter provides the common AAA and security framework that different services can work within.
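The base-protocol framing that the two paragraphs above describe (header, command codes, AVPs, and the capabilities exchange peers use to discover each other's supported applications), as an added example in Python. This is not code from the book, the course, or any Diameter implementation; it follows the RFC 3588/RFC 6733 base-protocol formats. The peer host names, realm, IP address, and product name are constructed sample values. The parser checks every length field against the bytes actually received, because a Diameter agent that trusts those fields is trusting whatever the network sent it.

```python
"""Minimal Diameter base-protocol encoder/decoder (RFC 3588 / RFC 6733).

Added example for this post, not code from the CISSP book, the course, or any
Diameter implementation. It builds the first message two Diameter peers
exchange, a Capabilities-Exchange-Request (CER), parses the bytes back, and
rejects messages whose length fields do not match the data.
"""
import struct

DIAMETER_VERSION = 1
HEADER_LEN = 20              # version(1) length(3) flags(1) code(3) app(4) hbh(4) e2e(4)
CMD_FLAG_REQUEST = 0x80      # 'R' bit in the command flags
AVP_FLAG_VENDOR = 0x80       # 'V' bit: a Vendor-ID field follows the AVP header
AVP_FLAG_MANDATORY = 0x40    # 'M' bit: a peer that does not understand the AVP must reject it

CMD_CAPABILITIES_EXCHANGE = 257   # CER / CEA command code
AVP_HOST_IP_ADDRESS = 257
AVP_AUTH_APPLICATION_ID = 258
AVP_ORIGIN_HOST = 264
AVP_VENDOR_ID = 266
AVP_PRODUCT_NAME = 269
AVP_ORIGIN_REALM = 296
APP_ID_NASREQ = 1            # the network-access application, one of the "extensions"


class DiameterError(ValueError):
    """Raised for a message that violates the base-protocol framing rules."""


def encode_avp(code, data, mandatory=True, vendor_id=None):
    """AVP = code(4) flags(1) length(3) [vendor_id(4)] data, padded to a 4-byte boundary.

    The length field counts the header and data but not the padding."""
    flags = AVP_FLAG_MANDATORY if mandatory else 0
    body = data
    if vendor_id is not None:
        flags |= AVP_FLAG_VENDOR
        body = struct.pack("!I", vendor_id) + data
    length = 8 + len(body)
    padding = b"\x00" * ((-length) % 4)
    return struct.pack("!II", code, (flags << 24) | length) + body + padding


def encode_message(command_code, app_id, hop_by_hop, end_to_end, avps, request=True):
    """Prepend the 20-byte Diameter header to the concatenated AVPs."""
    body = b"".join(avps)
    length = HEADER_LEN + len(body)
    flags = CMD_FLAG_REQUEST if request else 0
    header = struct.pack("!IIIII",
                         (DIAMETER_VERSION << 24) | length,
                         (flags << 24) | command_code,
                         app_id, hop_by_hop, end_to_end)
    return header + body


def decode_message(data):
    """Parse header and AVPs; returns (header dict, [(code, flags, vendor_id, value), ...]).

    Every length field arrives from the network and may be wrong or malicious,
    so each one is checked against the bytes actually present before use."""
    if len(data) < HEADER_LEN:
        raise DiameterError("message shorter than the Diameter header")
    word0, word1, app_id, hbh, e2e = struct.unpack("!IIIII", data[:HEADER_LEN])
    version, length = word0 >> 24, word0 & 0xFFFFFF
    flags, command_code = word1 >> 24, word1 & 0xFFFFFF
    if version != DIAMETER_VERSION:
        raise DiameterError("unsupported Diameter version %d" % version)
    if length != len(data) or length % 4:
        raise DiameterError("length field %d does not match %d bytes received" % (length, len(data)))
    header = {"command_code": command_code, "request": bool(flags & CMD_FLAG_REQUEST),
              "app_id": app_id, "hop_by_hop": hbh, "end_to_end": e2e}
    avps = []
    offset = HEADER_LEN
    while offset < length:
        if length - offset < 8:
            raise DiameterError("truncated AVP header at offset %d" % offset)
        code, word = struct.unpack("!II", data[offset:offset + 8])
        avp_flags, avp_len = word >> 24, word & 0xFFFFFF
        hdr_len = 12 if avp_flags & AVP_FLAG_VENDOR else 8
        if avp_len < hdr_len or offset + avp_len > length:
            raise DiameterError("AVP %d has invalid length %d" % (code, avp_len))
        vendor_id = None
        if hdr_len == 12:
            vendor_id = struct.unpack("!I", data[offset + 8:offset + 12])[0]
        value = data[offset + hdr_len:offset + avp_len]
        avps.append((code, avp_flags, vendor_id, value))
        offset += avp_len + (-avp_len) % 4   # skip padding to the next 4-byte boundary
    return header, avps


def is_well_formed(data):
    """True when decode_message accepts the bytes, False when it rejects them."""
    try:
        decode_message(data)
        return True
    except DiameterError:
        return False


def build_cer(origin_host, origin_realm, ipv4, hop_by_hop=0x1234, end_to_end=0x5678):
    """Build a CER (application ID 0 = base protocol) advertising NASREQ support.

    Host, realm, and address passed in are constructed sample values."""
    addr = struct.pack("!H", 1) + bytes(int(o) for o in ipv4.split("."))  # Address: family 1 = IPv4
    avps = [
        encode_avp(AVP_ORIGIN_HOST, origin_host.encode()),
        encode_avp(AVP_ORIGIN_REALM, origin_realm.encode()),
        encode_avp(AVP_HOST_IP_ADDRESS, addr),
        encode_avp(AVP_VENDOR_ID, struct.pack("!I", 0)),
        encode_avp(AVP_PRODUCT_NAME, b"example-peer", mandatory=False),  # M bit must not be set on Product-Name
        encode_avp(AVP_AUTH_APPLICATION_ID, struct.pack("!I", APP_ID_NASREQ)),
    ]
    return encode_message(CMD_CAPABILITIES_EXCHANGE, 0, hop_by_hop, end_to_end, avps)


if __name__ == "__main__":
    cer = build_cer("peer1.example.com", "example.com", "192.0.2.10")
    hdr, avps = decode_message(cer)
    print(hdr)
    for code, flags, vendor, value in avps:
        print(code, "M" if flags & AVP_FLAG_MANDATORY else "-", vendor, value)
    print("truncated copy accepted?", is_well_formed(cer[:-4]))
```

The Auth-Application-Id AVP in the CER is where the "extensions" meet the base protocol: the peer lists the applications it supports, and the answering peer's CEA lists its own, so two peers with no application in common disconnect before any authentication traffic is exchanged. The M bit is the other practitioner point: an AVP a peer does not recognize but that carries the M bit must cause the message to be rejected, so a relay or server silently ignoring unknown mandatory AVPs is not compliant.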

Diameter Protocol is just one of the many topics covered in the Shon Harris CISSP Course!


Trackback uri

http://cisspblog.logicalsecurity.com/2008/04/14/cissp-all-in-one-study-guide-diameter-protocol/trackback/