Networking / Beginners

RADIUS Accounting

Steel-Belted Radius logs all authentication transactions, so you'll be able to view the entire history of authentication requests and the resulting responses. If your network access device supports RADIUS accounting, you'll also be able to track how long each user stays connected-with the additional security of being able to see exactly who's connected at any time and on which port.

Accounting data can be exported to spreadsheets, databases, and specialized billing software. Or, you can choose to log data directly to your SQL database.

System Requirements

Steel-Belted Radius is available in three versions:

  • Steel-Belted Radius for Windows NT/2000 runs on Windows 2000 or an NT 4.0 workstation or server. It's administered from Windows 9x or Windows NT/2000.
  • Steel-Belted Radius for Solaris runs on Solaris 2.6, Solaris 7, or Solaris 8 running on SPARC or UltraSPARC. It's administered using a Java-based administration program that requires Netscape 4.03 or later, or Microsoft Internet Explorer 4 or later.
  • Steel-Belted Radius for NetWare runs on a NetWare 3.12 or 4.x server. It's administered from Windows 9x or Windows NT/2000.

In short, a RADIUS server listens for incoming authentication requests from an access point that is acting on behalf of a client computer. The server verifies that the user is in the accounts database, and returns a go/no-go message to the access point, which then determines how much access a client should have. What makes a RADIUS server so universal is that it is standardized. Therefore, if vendor Y builds in RADIUS server support, it should work smoothly with vendor X's RADIUS server. In addition to hardware support, RADIUS servers often include the capability to link into existing user account databases, such as a Windows NT user database or a even a SQL Server database.

In addition to authenticating users, a RADIUS server can be used to authenticate access points. This additional feature forces all existing access points to "log in" before they become part of the network. This means a hacker can't simply plug an access point into some remote hub or switch and expect to be able to immediately use it as a relay point to hack the network. The rogue access point would not be able to communicate with the network because it hasn't been authenticated.

Another benefit of a RADIUS server is its capability to control various aspects of authorization, such as time limits and re-keying schedules. In addition, many RADIUS servers support EAP, which is a way of using anything from smart cards to digital certificates to authenticate a user instead of a username and password.

[Previous] [Contents] [Next]

In this tutorial:

  1. Securing the WLAN
  2. Access Point-Based Security Measures
  3. MAC Filtering
  4. Controlling the Radiation Zone
  5. Defensive Security Through a DMZ
  6. Third-Party Security Methods
  7. VPNs
  8. Funk Steel-Belted Radius
  9. Central User Administration
  10. Central Hardware Administration
  11. Securing Your Wireless LAN
  12. RADIUS Accounting
  13. WLAN Protection Enhancements
  14. AES