Network Engines drives steel-belted user authentication

See correction below

RADIUS servers for remote-user authentication, authorization, and accounting can make life easier for the corporate system administrators and accounting departments.

With a RADIUS server in place, administrators have to maintain only one database for authorization purposes, thereby greatly reducing their workloads. Similarly, the detailed billing logs provided by RADIUS servers simplify life for the accounting department.

To authenticate service requests from users dialing in to a network, the RADIUS server takes data passed from a NAS/RADIUS client, matches it to a designated database, and authorizes the user’s service request. After the connection closes, the server logs user information and the duration of the transaction for billing and accounting purposes.

Network Engines' Steel-Belted RADIUS Enterprise Edition Appliance Version 2.0, which runs Version 4.5 of Funk Software's Steel-Belted RADIUS (SBR) Enterprise Edition software, is well suited to take on anything an enterprise or reasonably busy ISV can dish out. It scales to handle as many as 400 RADIUS packets per second and supports major enterprise OSes, such as Unix and Windows NT, XP, and 2000 Professional.

If you’re in the market, important additions to this version make SBR a worthwhile investment. By hardening the Windows 2000 Professional OS, Funk has increased the SBR’s security: Services that the appliance doesn’t require have either been disabled or removed. Other added features include support for Cisco PEAP (Protected Extensible Authentication Protocol) and EAP-TTLS (EAP Tunneled TLS) accounting, which improves account tracking when a user logs in anonymously. Version 4.5 also features improved reject-logging functions and improved authorization for Windows Groups and source IP access.

The Network Engines appliance arrives with the Funk SBR software preinstalled on the 866MHz Pentium III appliance, a time-saver for the system admin.

The appliance boasts a compact 1U rack-mount form factor. I dropped it into a rack relatively easily. Beside the standard mouse, keyboard, monitor, and serial ports, there are two Ethernet and two USB ports located on the back panel. Its front panel offers a well-cloaked CD-ROM and an easily accessible LED, which you can use to turn on the unit and to configure it.

Communication between the RAS (Remote Access Service) client and RADIUS server follows a standard request/reply structure. The RADIUS packets are for authentication or accounting use. You must use compatible UDP (User Datagram Protocol) ports to successfully exchange packets. For example, a NAS must send authentication packets via the same port that the RADIUS server uses to receive them. You must use another port for passing accounting packets.

Adding servers and clients is relatively simple. Configuring the server requires you to input the IP address and the shared, secret alphanumeric string to be used by both the server and client. You also must specify device make and model and UDP port for packet transport. You need virtually the same info to configure clients.

The SBR software is flexible and customizable. It can authenticate using several different means, and it offers three different levels of logging detail. Native user authentication checks against accounts stored directly on the server, and OS pass-through authenticates from an NT security database such as SecurID or TACACS (Terminal Access Controller Access Control System).