Funk - Steel-Belted Radius
Übersicht
Egal ob Sie Remote- oder Wireless- Zugänge in Ihrem Netzwerk zulassen, Radius/AAA Server ist Ihre Lösung zur Benutzerauthentifizierung, für sichere Verbindungen und Verteilung der Zugangsbrechtigungen.
Produktinformation (deutsche Version folgt in Kürze)
RADIUS/AAA Server for Managing and Securing Remote and WLAN Access
Steel-Belted Radius is an award-winning RADIUS/AAA server that lets you centrally manage all your remote and wireless LAN (WLAN) users and equipment, and enhance the security of your network.
By performing a powerful trio of functions – user authentication, authorization, and accounting – for all remote and WLAN access users, Steel-Belted Radius significantly alleviates your administrative burden. Now, you won’t have to set up and maintain separate authentication databases on each network access device. Instead, let Steel-Belted Radius validate remote and WLAN users against a central database that you can easily administer. What’s more, if you’re already using NT/2000 or Solaris for your LAN authentication, you can use it for your remote and WLAN user authentication as well, with almost no additional administration.
And, because Steel-Belted Radius works with the widest variety of network access equipment and methods, it can simultaneously manage users who connect via dial-up, the Internet, VPNs/tunnels, ISPs, and WLAN — even if the network access and WLAN access point devices you’re using come from different vendors. Steel-Belted Radius even tracks and documents all remote and WLAN access to your network.
Finally, when managing WLAN user access, Steel-Belted Radius plays the additional roles of setting up and securing WLAN user’s connections, ensuring that connection credentials will not be compromised, and that data privacy will be maintained.
Step up to the next level of remote and WLAN access and security – Steel-Belted Radius.
Centrally Administer all Remote and Wireless LAN Users
Steel-Belted Radius simplifies management of remote and WLAN users by enabling authentication procedures to be performed from one database. This relieves you of the need to administer separate authentication databases for each network access or WLAN access point device on your LAN.
As a complete implementation of the widely used RADIUS (Remote Authentication Dial-In User Service) protocols, Steel-Belted Radius performs three vital functions:
Authentication - validates any remote or WLAN user's username and password against a central security database to ensure that only individuals with valid credentials will be granted network access.
Authorization - for each new connection, provides information to the remote access or WLAN access point device, such as what IP address to use, session time-limit information, or which type of tunnel to set up.
Accounting - logs all remote and WLAN connections, including user names and connection duration, for tracking and billing.
When a user connects to the network via a remote access server, firewall, router, access point, or any other RADIUS-compliant network access device, that device queries Steel-Belted Radius to determine if the user is authorized to connect. Steel-Belted Radius accepts or rejects the connection based on user credential information in the central security database, and authorizes the appropriate type of connection or service. When the user logs off, the network access device informs Steel-Belted Radius, which in turn records an accounting transaction.
Centrally Manage all your Network Access Equipment
Steel-Belted Radius works with the remote and WLAN access equipment and methods you already have in place. Whether you’ve set up dial-in, Internet, VPN, outsourced, WLAN, or any other form of access — in any combination —Steel-Belted Radius can manage the connections of all your remote and WLAN users. That includes:
Dial-in users who connect via remote access servers from 3Com, Cisco, Lucent, Nortel, and others.
Internet users who connect via firewalls from Check Point, Cisco, and others.
Tunnel/VPN users who connect via routers from 3Com, Check Point, Microsoft, Nortel, Red Creek, V-One, and others.
WLAN users who connect via access points from 3Com, Agere, Avaya, Cisco, Colubris Networks, Enterasys, Proxim, Symbol, and others.
Remote users who connect via outsourced remote access services from ISPs and other service providers.
Users of any other device that supports the RADIUS protocols.
Moreover, Steel-Belted Radius supports a heterogeneous network, interfacing with remote and WLAN access equipment from different vendors simultaneously. Steel-Belted Radius automatically communicates with each device in the language it understands, based on customized dictionaries that describe each vendor's extensions to the RADIUS protocol.
Choose any Combination of Authentication Methods
Steel-Belted Radius not only works with the widest variety of remote and WLAN access equipment, but it also makes it possible to authenticate remote and WLAN users according to any authentication method or combination of methods you choose. In addition to Steel-Belted Radius's native database of users and their passwords, Steel-Belted Radius supports “pass-through” authentication to information contained in:
NT, UNIX, and NetWare security systems you've already established for your LAN, including Windows 2000 Active Directory, NT Domains and Hosts, UNIX Network Information Services (NIS) and NIS+, and NetWare NDS and Bindery users, groups, and organizational units. This saves countless hours by allowing you to use the same database to authenticate LAN, remote and WLAN users.
Token-based authentication systems such as RSA Security ACE/Server, CryptoCard, and VASCO DigiPass.
SQL databases, including Oracle and Sybase, for Steel-Belted Radius running on Windows NT and Solaris. Steel-Belted Radius works with your existing SQL table structure, usually eliminating the need for database redesign, and can authenticate against one or more SQL databases, even if they're from different vendors.
LDAP directories, for Windows NT and Solaris versions of Steel-Belted Radius.
Any ODBC-compliant database, for Steel-Belted Radius for Windows NT.
TACACS+, for Windows NT and Solaris versions of Steel-Belted Radius.
Other RADIUS servers, for proxy authentication against a RADIUS server at another site.
For WLAN user authentication, the above methods are only supported if the WLAN security protocol EAP-TTLS (see below) is in use.
Steel-Belted Radius can simultaneously authenticate many users for super-fast performance. If you are combining authentication methods, you can even specify the order in which each is checked. Result: streamlined administration as well as one-stop authentication.
Secure Your WLAN
In addition to authenticating WLAN users and ensuring that only authorized users are allowed to connect, Steel-Belted Radius plays a pivotal role in securing their connections.
Steel-Belted Radius supports the IEEE WLAN security standard 802.1x, and supports a wide variety of 802.1x security methods, including EAP-TTLS, EAP-PEAP, EAP-TLS, Cisco’s LEAP, and EAP-MD5.
The level of security on a WLAN is determined by the EAP authentication type in use. EAP authentication types provide credential security, data security, or both, and vary in the level of security and manageability they offer.
For the strongest WLAN security, choose either EAP-TTLS, EAP-PEAP, or EAP-TLS. They provide unsurpassed credential security, strong mutual authentication of client and server, and distribute per-session 128-bit encryption keys, and re-key at specified intervals, to protect data privacy.
Selecting the right EAP method is not just about security, however. These protocols differ in how easy they are to manage, and in the range of authentication databases they support.
For example, EAP-TLS relies on the use of client-side certificates to authenticate WLAN users. For this reason, it is generally most appropriate for enterprises which have already deployed or committed to a PKI infrastructure. Other enterprises may find the requirement to deploy client-side certificates to all their users too burdensome.
And, while EAP-PEAP is comparable to EAP-TTLS, both in its method of operation and its security, it is not as flexible and cannot support the range of inside-the-tunnel authentication methods that EAP-TTLS can.
Commercial implementations of EAP-PEAP that started appearing at the beginning of 2003 were beset with interoperability problems. Nevertheless, as this protocol is supported by Microsoft and Cisco, it can be expected to find widespread use. It is perfectly suitable for performing secure authentications against Windows domains and Directory Services.
EAP-TTLS supports the widest range of password protocols and authentication databases, simplifying deployment by permitting the use of any existing authentication system for WLAN user authentication, including Active Directories, token systems, LDAP, and SQL databases.
For full security, an 802.1x client that supports EAP-TTLS, EAP-PEAP, or EAP-TLS, such as Funk Software’s Odyssey Client, is required.
WLAN security features are only supported on Steel-Belted Radius running on NT and Solaris.
Market-Leading Performance
Whether you’re managing remote access, WLAN access, or both, Steel-Belted Radius can easily handle your RADIUS traffic. It:
Handles 400 RADIUS packets per second per 400 MHz CPU for remote access authentications
Scales easily to accommodate growing numbers of remote access and WLAN users.
Easily Manage Tunnel/ VPN Authentication
Steel-Belted Radius can centralize the management and administration associated with VPN/tunnel access. Steel-Belted Radius supports:
All standard RADIUS tunneling attributes, as well as the vendor- specific attributes supported by many popular vendors.
MS-CHAP authentication, for full support of Microsoft RAS and PPTP connections.
Tunnel authorization based on username format (user@tunnel, tunnel#user), or the dialed number (DNIS).
Efficiently Handle Proxy Authentication
Proxy RADIUS is a powerful feature of the RADIUS specification that permits one RADIUS server to pass authentication requests to another RADIUS server which has the necessary database to perform authentication.
Steel-Belted Radius fully supports proxy RADUS; it can:
Forward proxy RADIUS requests to other RADIUS servers
Act as a target server that processes requests from other RADIUS servers
Use DNS services to forward proxy RADIUS requests to other RADIUS servers (roaming)
Pass accounting information to a target server, either the one performing the authentication or a different one.
You’ll save countless hours in maintenance if you employ proxy RADIUS when you have multiple sites that remote users could potentially connect to; instead of storing everyone’s authentication information on each possible server, you can simply store pointers to the appropriate authentication database.
Track and Bill with RADIUS Accounting
Steel-Belted Radius logs all authentication transactions, so you'll be able to view the entire history of authentication requests and the resulting responses. If your remote access or WLAN device supports RADIUS accounting, you'll also be able to track how long each user stays connected — and even have the security of being able to see exactly who's connected at any time and on which port.
Accounting data can easily be exported to spreadsheets, databases, and specialized billing software. Or, you can choose to log data directly to your SQL database.
System Requirements
Steel-Belted Radius is available in three versions.
Steel-Belted Radius for Windows XP/2000/NT runs on Windows NT 4.0 or later, including Windows XP and Windows 2000 workstation or server. It's administered from Windows 9x or Windows XP/2000/NT.
Steel-Belted Radius for Solaris runs on Solaris 2.6, Solaris 7, or Solaris 8 running on SPARC or UltraSPARC. It's administered using a Java-based administration program that requires Netscape 4.03 or later, or Microsoft Internet Explorer 4 or later.
Steel-Belted Radius for NetWare runs on a NetWare 3.12 or 4.x server. It's administered from Windows 9x or Windows NT/2000.
Steel-Belted Radius is also available as an appliance.
Unsere Artikelnummer: 33640.
Diesen Text in englisch Funk Steel belted Radius
.
Kontakt:
Sollten Sie uns per E-mail
kontaktieren, wird bei dem nachfolgenden Link die Artikel-/ERP-Nummer
automatisch in die Betreffzeile eingefügt.
Bei Anfragen per Fax geben Sie bitte auch unbedingt die Artikel-/ERP-Nummer an.
Ihr persönlicher
Ansprechpartner/Kontaktformular:
Tim Brakensiek, Kontaktformular für Funk Steel belted Radius
last Update:
01.04.2008
Kunden, die sich "Funk Steel belted Radius
" angesehen haben, haben sich auch folgende Produkte angesehen:
|
|
