Achieving Ease of Use in RADIUS Management While Maintaining Network Security

The need for ease of use in network management has never been greater. The ever-increasing pace of technical innovation has made it impractical for some of the most technical IT personnel to keep up with the innumerable configuration options and syntaxes. This has led to the widespread use of Graphical User Interfaces (GUIs). This allows the user navigates through a sequence of configuration screens and be presented with a list of options, instead of having to remember what configuration details are required and how to type the corresponding commands at the console prompt. Everyone is familiar with this style of interface on their desktop computer. The same ease of use has been extended to remote network devices through web-based graphical interfaces and the HyperText Transfer Protocol (HTTP).

With this ease of use come a number of security problems.

1. HTTP uses clear text making it easy to intercept passwords.
2. Default passwords for well-known applications become “back doors” to the system if they are not changed or disabled.
3. Well-known port numbers for administrative interfaces make themselves subject to attack.
4. Managing security issues becomes more difficult when each device must be managed by its own independent interface.

Keeping network devices such as a RADIUS Server behind a firewall does not solve the problem. Not all employees are intended to have administrative access to network resources. Security must be applied on the inside of an organization as well as outside. In addition, any successful attempt to hack through the firewall now has access to hack any device behind the firewall, creating yet more holes.

Interlink Networks RAD-Series RADIUS Server Manager

The RAD-Series RADIUS Server Manager addresses all of the above security issues.

1. The RADIUS Server Manager is easily configured to use HTTPS instead of HTTP. This is the same protocol used by commercial web sites to provide secure encrypted communications for sensitive information like credit card numbers.
2. Unlike many administrative interfaces, the RADIUS Server Manager requires an administrative username in addition to a password. To further protect against a default password being used as a back door, the RADIUS Server Manager installer prompts for the Administrator’s login name and password instead of always starting with a default.
3. The RADIUS Server Manager is easily configured to use any desired port number rather than being limited to a fixed default port.
4. A single Server Manager can manage multiple RAD-Series RADIUS Servers. This contributes to ease of use and the assurance that all servers will be managed in a consistent and secure fashion. Communication between the RADIUS Server Manager and the servers is further secured through the use of a shared secret.

Ease of use and secure operations are both important goals in managing the corporate network. With the RAD-Series RADIUS Server Manager, both of these goals can be achieved without diminishing the other.