Driving Authentication with Steel Belts

Hands On

Every network needs a sure-fire way to verify that visitors are who they should be, especially when they dial into a site. Of the many authentication methods available, a Remote Authentication Dial-In User Service (RADIUS) server is one of the most common.

One such product is Steel-Belted Radius from Funk Software Inc. This product runs on Windows NT Server 4.0 with Service Pack 4 (SP4) installed, and works with other security systems such as TACACS, proxy RADIUS servers and SecurID authentication systems.

Our test environment included two systems running Microsoft Internet Information Server (IIS) 3.0, each with the latest patches applied. One system was a P-166 MHz server with 128 MB of memory; the other was a higher-end two-way P-233 MMX server with 256 MB of memory. Each server was on a switched Fast Ethernet 100 Mbps network. IIS had Active Server Pages and FrontPage 98 server extensions loaded. We used our Internet service provider’s Perle Systems Model 833/AS dialup server with four v.90 modem connections as a test platform for user authentication.

Installation

Steel-Belted Radius installed in less than 10 minutes -- as easily as any application should install. One note: It is important to carefully read the installation requirements section of the manual concerning the type of installation possible.

If you plan to use Microsoft Point-to-Point Encryption (MPPE) keys with Microsoft’s Point-to-Point Tunneling Protocol, then you must install the product on a domain controller and grant "log on locally" permissions to those users. If you plan to support both domain and host level authentication, then you must install the product on an NT Workstation or on a server that is a member server of the domain, but not a domain controller.

The product consumes a minimal amount of memory and disk space, and it was easy to uninstall after the test. We used the printed manual during the installation process and found it comprehensive and very complete.

In Use

RADIUS servers, by default and according to the original Internet Request For Comments (RFC), use ports 1645 and 1646 for authentication services. These ports are called "well known ports," and firewalls may have these standard ports defined for use. RFC updates, however, changed the ports to 1812 and 1813, making the original ports unnecessary. Funk Software brings this to your attention early on to avoid conflicts or possible security implications later during use of the product.

To set up the product, we used the one -- and only -- menu provided: the administration screen. Choose an option to be altered, and the respective set of choices appears for you to administer.

Less than 30 minutes is needed to construct a fully functioning RADIUS server.

To examine the effectiveness of the product, we used a sniffer to examine packets of data being used for authentication. The product worked as advertised.
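The port change and the sniffer check described above can be combined into a small capture audit. This is an added example, not code from the article or from Funk Software: it assumes the UDP destination port and payload have already been pulled out of a capture, takes the authentication/accounting role of each port and the packet layout from the RADIUS RFCs, and uses hypothetical names (`parse_radius`, `audit`, `build`).

```python
import struct

# Destination port -> (generation, service). The service split is from the RADIUS RFCs.
PORTS = {1645: ("legacy", "auth"), 1646: ("legacy", "acct"),
         1812: ("current", "auth"), 1813: ("current", "acct")}
# Request codes a server receives, and the service each belongs to.
REQUESTS = {1: ("Access-Request", "auth"), 4: ("Accounting-Request", "acct")}

def parse_radius(payload):
    """Parse the 20-byte header and the attribute list; raise ValueError if malformed."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if not 20 <= length <= min(len(payload), 4096):
        raise ValueError("bad Length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = payload[pos], payload[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(a_type, payload[pos + 2:pos + a_len])
        pos += a_len
    return {"code": code, "id": ident, "attrs": attrs}

def audit(dst_port, payload):
    """Return a list of findings for one captured UDP datagram sent to a RADIUS server."""
    if dst_port not in PORTS:
        return ["not a RADIUS port"]
    generation, service = PORTS[dst_port]
    try:
        pkt = parse_radius(payload)
    except ValueError as exc:
        return ["malformed: %s" % exc]
    findings = []
    if generation == "legacy":
        findings.append("legacy port %d in use" % dst_port)
    name, expected = REQUESTS.get(pkt["code"], ("code %d" % pkt["code"], None))
    if expected != service:
        findings.append("%s sent to %s port" % (name, service))
    # User-Password (type 2) is hidden in 16-byte blocks, so a valid value is 16..128 bytes.
    pw = pkt["attrs"].get(2)
    if pw is not None and (len(pw) % 16 or not 16 <= len(pw) <= 128):
        findings.append("User-Password not in hidden 16-byte-block form")
    return findings

def build(code, attrs):
    """Constructed sample packet: zero authenticator, attrs as (type, value) pairs."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body
```

An empty findings list means the datagram is a well-formed request on a current port; a NAS still sending to 1645 or 1646 shows up as a legacy-port finding and marks a firewall rule that has to stay open until that device is reconfigured.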

We further tested the product with the Perle 833 chassis for authentication services. Choosing the authentication method in the Perle system, we selected RADIUS. A simple screen appeared, in which we told it how and where to authenticate the users.

The product did not have a single glitch or hiccup, giving us no reason to doubt its worthiness in our network. We believe it will do the same for other users, regardless of the size of their environment.

Steel-Belted Radius
Funk Software Inc.
Cambridge, Mass.
(800) 828-4146, (617) 497-6339
www.funk.com

+ Easy and fast install
+ Simple administration
