RAD-Series RADIUS Server Version 7.3

Similar documents
RAD-Series RADIUS Server Version 7.1

EAP-SIM Authentication using Interlink Networks RAD-Series RADIUS Server

Pulse Policy Secure. RADIUS Server Management Guide. Product Release 5.1. Document Revision 1.0. Published:

Interlink Networks RAD-Series AAA Server and RSA Security Two-Factor Authentication

Aradial Enforcer / AAA Features & capabilities

SBR Enterprise Series Steel-Belted Radius Servers

Cisco Secure Access Control Server 4.2 for Windows

freeradius A High Performance, Open Source, Pluggable, Scalable (but somewhat complex) RADIUS Server Aurélien Geron, Wifirst, January 7th 2011

Application Note Secure Enterprise Guest Access August 2004

Deploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.

Cisco Secure ACS. By Igor Koudashev, Systems Engineer, Cisco Systems Australia 2006 Cisco Systems, Inc. All rights reserved.

DATA SECURITY 1/12. Copyright Nokia Corporation All rights reserved. Ver. 1.0

Aradial Converged VOIP Billing Overview

Steel-Belted Radius. Product Description. Product Overview DATASHEET

Open Directory. Apple s standards-based directory and network authentication services architecture. Features

Cisco Secure Control Access System 5.8

How To Test An Eap Test On A Network With A Testnet (Networking) On A Pc Or Mac Or Ipnet (For A Network) On An Ipnet Or Ipro (For An Ipro) On Pc Or Ipo

Authentication, Authorization and Accounting (AAA) Protocols

Design and Implementation Guide. Apple iphone Compatibility

802.1x in the Enterprise Network

NCP Secure Enterprise Management Next Generation Network Access Technology

Birdstep Intelligent Mobile IP Client v2.0, Universal Edition. Seamless secure mobility across all networks. Copyright 2002 Birdstep Technology ASA

HP Intelligent Management Center Enterprise Software. Platform. Key features. Data sheet

Interlink Networks Secure.XS and Cisco Wireless Deployment Guide

ipad in Business Security

AAA & Captive Portal Cloud Service TM and Virtual Appliance

UNIVERZITA KOMENSKÉHO V BRATISLAVE FAKULTA MATEMATIKY, FYZIKY A INFORMATIKY PRÍPRAVA ŠTÚDIA MATEMATIKY A INFORMATIKY NA FMFI UK V ANGLICKOM JAZYKU

Lecture 3. WPA and i

Extensible Authentication Protocol (EAP) Security Issues

Cisco Application Networking Manager Version 2.0

Models HP IMC Smart Connect Edition Virtual Appliance Software E-LTU

VPN. Date: 4/15/2004 By: Heena Patel

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication

Network Access Control and Cloud Security

Particularities of security design for wireless networks in small and medium business (SMB)

Framework 8.1. External Authentication. Reference Manual

vwlan External RADIUS 802.1x Authentication

D-View 7 Network Management System

iphone in Business Security Overview

HP Intelligent Management Center User Access Management Software

Application Note User Groups

Network Access Control and Cloud Security

Microsoft Windows Server System White Paper

7.1. Remote Access Connection

ActivIdentity 4TRESS AAA Web Tokens and SSL VPN Fortinet Secure Access. Integration Handbook

Cisco Secure Access Control Server Deployment Guide

How To Create A Virtual Network With A Router And Network Operating System (Ip) For A Network (Ipv) (Ip V2) (Netv) And A Virtualization) (Network) (Wired) (Virtual) (Wire)

Deploying Cisco Basic Wireless LANs WDBWL v1.1; 3 days, Instructor-led

Cisco RV 120W Wireless-N VPN Firewall

Network Security and AAA

EPICenter Network Management Software

Developing Network Security Strategies

The Ultimate WLAN Management and Security Solution for Large and Distributed Deployments

HP PCM Plus v3 Network Management Software Series Overview

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers

Network Access Security It's Broke, Now What? June 15, 2010

Network Access Control ProCurve and Microsoft NAP Integration

Connection Broker Managing User Connections to Workstations, Blades, VDI, and More. Quick Start with Microsoft Hyper-V

Cisco Wireless Security Gateway R2

Opengear Technical Note

Issue 1 EN. Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation

HP E-PCM Plus Network Management Software Series

VLANs. Application Note

802.1X AUTHENTICATION IN ACKSYS BRIDGES AND ACCESS POINTS

Enterprise Wireless LAN. Key Features. Benefits. Hotspot/Service Gateway Series

NXC5200/ NWA5000-N Series Wireless LAN Controller/ a/b/g/n Managed Access Point

IBM CICS Transaction Gateway for Multiplatforms, Version 7.0

EPICenter Network Management Software

Release Notes. NCP Secure Entry Mac Client. Major Release 2.01 Build 47 May New Features and Enhancements. Tip of the Day

Using RADIUS Agent for Transparent User Identification

Product Summary RADIUS Servers

Wireless VPN White Paper. WIALAN Technologies, Inc.

Deploying iphone and ipad Security Overview

QuickSpecs. Models. Features and Benefits Mobility. ProCurve Wireless Edge Services zl Module. ProCurve Wireless Edge Services zl Module Overview

Deploying iphone and ipad Virtual Private Networks

Mobile Admin Architecture

Cisco RV220W Network Security Firewall

Cisco Prime Optical. Overview

RSA SecurID Two-factor Authentication

HIPAA Compliance and Wireless Networks Cranite Systems, Inc. All Rights Reserved.

802.1X Client Software

Windows Services. Support Windows and mixed-platform workgroups with high-performance, affordable network services. Features

High-performance VoIP Traffic Optimizer Client Solution

WiFiLAN Cloud. Wifi soft Solutions

Mobility, Network Access Control and Convergence for Voice, Video and Data Applications on Corporate Wireless & Wired Networks. UCOPIA White Paper

PATROL Console Server and RTserver Getting Started

How To Set Up A Cisco Rv110W Wireless N Vpn Network Device With A Wireless Network (Wired) And A Wireless Nvv (Wireless) Network (Wireline) For A Small Business (Small Business) Or Remote Worker

HIPAA Compliance and Wireless Networks

Cisco Secure Access Control System 5.5

Cisco RV220W Network Security Firewall

Cisco RV110W Wireless-N VPN Firewall

Cloud Management. Overview. Cloud Managed Networks

iphone in Business How-To Setup Guide for Users

Deploying the ShoreTel IP Telephony Solution with a Meru Networks Wireless LAN

The following chart provides the breakdown of exam as to the weight of each section of the exam.

RSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief

Transcription:

RAD-Series RADIUS Server Version 7.3 Highly Customizable RADIUS Server for Controlling Access & Security in Wireless & Wired Networks Interlink Networks RAD-Series Authentication, Authorization, and Accounting (AAA) RADIUS Server provides standards-based access control and security for mixed access networks including mobile, wired and wireless networks. The RAD-Series RADIUS Server enables Carriers, Internet Service Providers, and fully networked enterprises to centrally manage the AAA functions for their network users. Because of its high customizability and advanced user features, RAD-Series is ideal for system integrators and OEMs of network equipment. The RAD-Series is high performance, highly scalable and modular RADIUS server with thousands of installations across the world. The RADIUS server supports the AAA RADIUS protocol with a set of sophisticated capabilities required to manage the business aspects of network access. A unique feature of the RAD-Series RADIUS Server is that it supports user-developed plug-in modules which can be used to enhance the authentication and authorization decision-making process, modify incoming or outgoing packets, and provide interfaces to any external system. Runs on Red Hat Linux and SUN Solaris Servers Strong 802.1x Authentication Carrier-Class Reliability and Agility Based on the widely deployed and proven Merit RADIUS architecture, the RAD-Series RADIUS Server provides a fault-tolerant, scalable, higher-performance solution. RADIUS server scalability supports millions of users and delivers high-performance AAA transaction rates up to 2400 authentications per second. Provides reliability with failover, load balancing, and redundancy features. Supports LDAP and Active Directory databases, allowing you to maintain a single, centralized user database for all applications. Optimized for mixed-vendor environments and for use with any remote access device acting as a RADIUS client. Network Access Security The RAD-Series RADIUS Server centralizes the management of network access across all of your networks, allowing you to more easily manage users and secure the information being accessed across the network. Whether you are extending your current network or are deploying a new network, the RAD-Series RADIUS Server provides all of the additional security required for both wireless and wired connections. December 2007 Page 1 of 5

802.1X Network Security Support: The RAD-Series RADIUS Server is fully compliant with the 802.1X standard which centralizes the network access management into a single RADIUS server. RAD-Series is compliant with the WPA and WPA2 security standards for enterprise wireless networks. Complete Extensible Authentication Protocol (EAP) Support: Supports 802.1xcompliant authentication protocols EAP-MD5, Cisco LEAP, EA P-TLS, EAP-TTLS, EAP-PEAP. NEW! EAP-SIM Support for authentication using the Global System for Mobile Communications (GSM) Subscriber Identity Module (SIM). RFC 4186 compliant. Multi-Vendor Compatibility: Works with access points and switches from vendors such as Cisco, Intel, 3Com, Symbol, Agere, Avaya, Enterasys, D-Link, Proxim, Linksys and other industry leading security solutions and platforms. Supports Multiple Access Technologies: Dial-up Broadband Managed VPN Mobile wireless Enterprise WLAN WLAN Hotspots Versatile Service Delivery The RAD-Series RADIUS Server lets you can define user profiles to assign a set of connection attributes to any user or group of users. User profiles can be standardized across different types of network access equipment and networks, allowing the delivery of the appropriate level of authorization to each individual user, regardless of where they are or how they are connected. Supports multiple services: dial-up, wholesale dial-up, broadband, managed VPN, mobile wireless, enterprise WiFi, and WiFi hotspots. Supports 802.11 wireless LAN authentication using 802.1x compliant methods. Supports delivery of wholesale, outsourcing, and roaming services by proxy RADIUS. Interoperates with any other RFC compliant RADIUS server to easily distribute authentication and accounting. System Integrator/OEM-Specific Customization Features: Interlink Networks offers several extensibility features or toolkits for system integrators and OEMs to differentiate their products, add value to their solutions, and re-brand the RADIUS server and components. The customization options for RAD-Series RADIUS Server include a programmable finite state machine, application programming interfaces, an advanced policy engine, and brand-able documentation. Programmable Finite State Machine (FSM) The core Finite State Machine (FSM) engine drives the processes of handling RADIUS requests. These sequential processes can be expanded or modified by changing the FSM without any recoding or recompiling of the engine. The RAD-Series RADIUS Server comes with several predefined solutions from which to choose. Modular Server Architecture Allows Total Customization Application Programming Interfaces (APIs) Authentication API Used to internally develop extensions to the core RADIUS Server architecture, you can build custom modules for unique authentication, authorization, or accounting methods and plug them in to the RADIUS server to control any part of the AAA process. For example, you can: Authenticate users stored in any data source, including off-the-shelf and proprietary databases Track and control usage based on unique billing systems Implement highly customized authorization schemes December 2007 Page 2 of 5

Add support for unique network access hardware User Interface API This branding feature allows OEMs and system integrators to build custom UIs and other RADIUS server management applications tailored to the varied needs of their end-user customers. The API provides a consistent interface to the RADIUS server s configuration and data files, regardless of how or where the information is stored. Allows easy migration and upgrades to new server versions by acting as an abstraction layer between the external interfaces and the core RADIUS functionality. This feature simplifies product localization or internationalization. MAJOR ADVANTAGE: Policy Management that combines power and flexibility with ease of use The Policy Engine Allows Complex Policy Decisions Based on RADIUS Attribute Value Pairs / Combinations & Boolean Operations RADIUS Policy, part of the user Authorization process, is a set of rules to administer, manage, and control access to network resources. RADIUS policies are written to accomplish specific tasks such as to set limits and access restrictions, and to define new service levels and QOS. Interlink s allows you to easily define and enact custom policies using customizable decision files. Our flexible policymaking capabilities can solve virtually any problem that would traditionally require custom programming. You can modify how authentication requests are handled and control how services are delivered and logged using simple text files with Boolean expressions. New! Advanced Policy Features in V7.3 The latest release of the RAD-Series RADIUS Server includes: New action functions including modification and deletion of Attribute Value Pairs (AVPs) Extended substring handling Support for multiple AVP instances Support for AVP filtering of RADIUS requests entering and exiting the RADIUS server. Documentation Re-branding Interlink Networks offers OEMs and System Integrators the ability to place re-brand the Interlink name throughout the user documentation, white papers, and data sheets with your company name and branding. Interlink Networks RAD-Series RADIUS Servers has been re-branded and integrated by a number of major worldwide networking equipment providers. FEATURES: RAD-Series RADIUS Description Authentication Methods Choose your preferred authentication method PAP, CHAP and MS-CHAP 802.1X Compliant Authentication Support EAP-SIM Support Data Sources Flat File (users file/realm file) Password Authentication Protocol, Challenge Handshake Authentication Protocol, and Microsoft s version of CHAP. EAP-MD5, GTC, LEAP, TLS, TTLS, PEAP (Cisco and MS versions). EAP-SIM (optional feature) Full support for RFC 4186 including Pseudonyms and Fast Re-authentication. Support for local Authentication Center (AuC) functionality using user secrets (Ki) from any data store and administrator definable A3/A8 algorithms. 3GPP Milenage A3/A8 algorithm reference implementation. Store user data and profiles in many places/ways Uses flat files stored internally with server. Supports all authentication and authorization features without requiring an external database or directory. Ideal for small to medium applications. UNIX User (Password File) Uses standard existing password files for UNIX systems. UNIX via Password File: Uses extended data sources for UNIX systems: NIS, shadow password, HP security, etc. Inherited automatically through support for UNIX passwords. December 2007 Page 3 of 5

RADIUS Proxy Authentication & Accounting RSA ACE Server LDAP Active Directory Forwards authentication & accounting requests to remote server. Needed for any roaming relationship or large multi-server application. Support for RSA SecurID token cards. Accesses user profiles in LDAP directories. Standard access, reaches many different LDAP implementations. Includes Interlink schema extensions to support simple authorization policies. Includes load balancing and fail-over capabilities. Includes secure communications over SSL. Allows authentication against Microsoft Active Directory Server via LDAP. Authorization Features Policy Decisions & Criteria Simple RADIUS Policy Authorization Reply Items Idle Time-Out Session Time-Out Limits IP Address Assignment Attribute Pruning (filters response AVPs) Attribute Mapping QoS IP Filter Compulsory Tunnels Wireless VLANs Extensibility Features VSA Definitions and RADIUS Dictionary Extensibility Programmable Finite State Machine Software Developer s Toolkit RFC Compliance Allows or denies network access based on specific attribute values. Sets basic session configuration parameters based on Reply items stored in the user profile. This powerful configuration engine allows you to develop and enforce custom policies using simple text files with Boolean expressions. Decisions can be based on nearly any attribute value pairs and conditional operations. For example you can authorize across any set of independent parameters including: -System parameters: time/day/date -Edge device parameters: port #, IP address. -User-specific information: user, group, role You can also create conditional replies for: -Differentiated connection services -Additional security measures Here are some of the outputs possible from the server, which can direct a NAS to take specific action or set specific service levels. Controls length of idle-time for user sessions. Disconnects inactive (idle) sessions left typing up network resources. Limits length of user sessions. Assigns IP address from either static addresses or addresses relayed from DHCP. Can choose not to pass some data elements to NAS after user has been approved. Example: Server only sends AV pairs appropriate to what the particular NAS supports. For legacy NAS devices: provides backwards compatibility for early NASs that did not implement vendor specific attributes complaint with the RADIUS RFCs. Sets throughput or bandwidth by user. Uses named filters to limit which protocols are allowed, and/or where user can go. Forces VPN tunnels. VLANs are used to build boundaries to protect sensitive data while enabling access to role-based network resources. Authenticate and assign users to the correct VLAN based on organization unit, application, role, or any other logical grouping. Tools to create extensions to the server. Dictionary contains VSAs for most major networking equipment vendors. In text file format, it can easily be extended to add vendors and their VSAs to support new vendor-proprietary features without a software upgrade. Makes it possible to redefine the authorization and accounting processes by modifying the finite state machine tables, without recoding or recompiling the engine. Create custom plug-in modules to interface with third party databases, execute custom authentication protocols and algorithms, custom logging, request/response processing, and customization of the user interface. Develop and enforce custom policies using simple text files with Boolean expressions. Decisions can be based on nearly any attribute value pairs and conditional operations. Complaint with the following RADIUS standards and extensions: Complaint RFCs RFC 2284, 2548, 2619, 2621, 2716, 2759, 2809, 2865, 2866, 2867, 2868, 2869, 3579, 3580, 3748, 4186 December 2007 Page 4 of 5

Accounting Proxy Accounting Browser View of Accounting Logs (by date, port, user) Predefined & Customizable Logging Formats Accounting On/Off Packet Support Management Web-based Server Administration Remote Monitoring Configuration file generation Session & Event Logging Simultaneous Access Control SNMP Support DHCP Relay Support Operational Features High Speed Processing Performance Load Balance and Failover across LDAP Server Platforms Solaris Red Hat LINUX Red Hat Enterprise Linux RADIUS Accounting Capabilities Allows accounting records to be forwarded from one RADIUS server to another. Important in roaming or multi-server applications. View log data from the Server Manager. Generates accounting call detail records (CDRs) in Livingston and MERIT formats. Signals NAS start-up or shut-down management. RADIUS Server Management Capabilities Simplifies the set up and maintenance of multiple servers from any Web browser. User profiles and server operation, including status and key statistics, can be configured and monitored remotely. Supports remote monitoring of server status and key statistics. Remotely view access activity and detect authentication problems. Configuration files can be generated via the graphical user interface, command line interface, or scripts. Logs all events to provide extensive audit trails for troubleshooting or security. Supports Merit and Livingston standard for detailed session logging. Concurrency management allows configuring user or realm for simultaneous sessions. Supports standard RADIUS Server MIBs for authentication and accounting. Scales beyond one RADIUS server with same IP pool. Allocates IP addresses for pools managed by DHCP server. RADIUS Server Performance and Reliability Performance measured in thousands of authentications per second depending on hardware configuration. Supports backup LDAP directories with RAD-Series handling failover. RAD-Series RADIUS Server Software runs on: 8, 9, & 10 on Sun Solaris/SPARC hardware. 7.2, 7.3, and 8.0 on Intel hardware. ES Release 3.0, 4.0 & 5.0 on Intel hardware. Interlink Networks, LLC. 2500 Packard Rd., Suite 202 Ann Arbor, MI 48104 Sales: +1 (734) 821-1238 Fax: +1 (734) 821-1235 www.interlinknetworks.com Copyright 2001-2008 Interlink Networks, LLC. All Rights Reserved. The information contained within this document is subject to change without notice. Interlink Networks does not guarantee information accuracy. RAD-Series, Interlink Networks, and the Interlink Networks logo are trademarks of Interlink Networks, LLC. All other brand or product names may be trademarks of their respective owners. December 2007 Page 5 of 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information