Steel Belted Radius

Jonathan Chau

April 30, 1998

3 Min Read
ITPro Today logo in a gray background | ITPro Today

Steel-belted access to your network

Mobility is a hot trend in the PC industry. With notebook computers rapidly becoming as powerful as their desktop equivalents, working remotely is more feasible than ever. However, in most cases, working remotely requires dial-up access to a network. Administrators consider remote network access a chink in the network's security armor: If authorized users can access the network via a modem connection, so can unauthorized users.

For optimal security, network administrators implement authentication services. Traditionally, most authentication services compare a user's logon account and password against a master user database. Windows NT Server's built-in authentication service works well for a handful of users, but the service lacks scalability.

If you activate accounts for dial-up access, an easy and more robust way of handling authentication exists. Funk Software's Steel-Belted Radius 1.5 is a Remote Authentication Dial-In User Service (RADIUS)-compliant authentication server designed for systems that accommodate several remote users.

Steel-Belted Radius comes on two 3.5" disks. Installation on my test server was a snap: The software was ready to use after I fed both disks to the system and created an account for the program to interact with the desktop. After I installed the software, I could select from the NT user database to add new users and groups. I had more than 50 users to add, so this method saved me at least an hour.

After I added the users and groups, the Address Pools dialog box let me specify a range of free IP addresses to assign. Creating an IP pool was easy: I entered the IP addresses and created a pool name and description. Screen 1 shows the results.

The authentication component is solid. When a client machine establishes a Point-to-Point Protocol (PPP) connection with the server, the Steel-Belted Radius service accepts passwords sent using the Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP). The software then references the passwords against the NT Security Database. This method provides a more robust authentication process than NT's, because Steel-Belted Radius can compare passwords from different users and groups against different hosts and domains rather than granting access to the main dial-up server. The software can handle authentication requests from most RADIUS-compliant remote access servers or firewalls. This capability lets network administrators tailor their network architecture without worrying about remote access falling apart. To accommodate users who aren't in the NT database, Steel-Belted Radius maintains a local user database.

For maximum security, Steel-Belted Radius supports Security Dynamics' SecurID token model. If you use ACE/Server, Steel-Belted Radius looks for SecurID users' personal identification numbers (PINs) and token codes and passes them to the ACE/Server for authentication.

After your system establishes a connection, Steel-Belted Radius logs events and generates statistics. The software's logging capabilities are comprehensive: The log file stores the date and time of each call, the full name and username of the client, the time spent online, the amount of data transferred, the method of disconnection, and the authentication process used to log on the user. To make perusing the log files easy, the software saves records in ASCII format for maximum compatibility and generates the filenames in yyyymmdd format for Year-2000 compatibility.

The administration tool lets you simultaneously manage multiple Steel-Belted Radius servers, but the NT version can handle only NT-based servers. If you're running the NetWare version, you must handle administration tasks with the NetWare administration utility.

The only notable problem I had was the program's inability to activate its own service. For example, shutting down the software service cripples the application until you manually restart the service from the Services applet in Control Panel.

Steel-Belted Radius is an invaluable tool for Internet Service Providers (ISPs) or network administrators who manage numerous remote connections. You'll want to add Steel-Belted Radius to your server if you can justify the price.

Steel-Belted Radius 1.5

Contact: Funk Software * 617-497-6339, Web: http://www.funk.com

Price: $4000

System Requirements: Windows NT 4.0, 32 MB of RAM, 50MB of hard disk space

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like