Funk Software Inc. is introducing upgraded software that lets users of Cisco Systems Inc. gear authenticate and gain access to wireless networks via Funk's RADIUS servers.
Steel-Belted Radius Version 4.5 supports Cisco's version of Protected Extensible Authentication Protocol (PEAP), the protocol Cisco uses to securely transport authentication data, including passwords, over 802.11 wireless networks without requiring digital certificates from clients.
RADIUS servers sit at the edge of corporate LANs, where their directories can be used to authenticate users and where they also define access privileges and keep track of when users log on. PEAP is one of several authentication protocols, such as Microsoft PEAP, EAP-TLS, EAP-Tunneled Transport Layer Security (TTLS), Lightweight EAP (LEAP) and EAP-MD5, that wireless equipment vendors use to secure access to wireless networks.
Before this software release from Funk, users needed a Cisco RADIUS server or one from another vendor supporting Cisco LEAP, such as Meetinghouse Communications and Interlink.
This feature might become essential to Spurs Sports & Entertainment, the company that runs the San Antonio Spurs basketball team and the SBC Arena, says Brandon San Miguel, network engineer for the company. Spurs Sports & Entertainment is considering wireless access from within the arena to TicketMaster servers for fans within the building. Wait staff serving fans in the first 10 rows would use it to place food and drink orders and pass credit card information, San Miguel says.
Cisco's PEAP plugs a gap for Cisco users, but in the long term other authentication protocols not tied to a single vendor likely will dominate, according to a Meta Group study. "Users may consider LEAP as a tactical short-term solution, but they should ultimately move to deploy an EAP type of solution that is not tied to a specific vendor's hardware," the study says.
Meanwhile, the Spurs organization jumped on another feature of the new Steel-Belted Radius release that supports better integration with Microsoft Corp.'s Active Directory and Windows NT Domains. Remote users who log on via SonicWall Inc. virtual private network (VPN) gear in the Spurs' network are authenticated by Active Directory via the Funk RADIUS server. So rather than storing a list of user authorizations on the VPN gear or RADIUS server, Steel-Belted Radius passes requests through to Active Directory.
Previously, the Funk software would not check for a single user in different Active Directory groups. That could result in a user being authenticated to whatever group Active Directory came across first, which might not be the group with which the user was trying to log on.
San Miguel says this feature makes it unnecessary for authentication lists to be created on the SonicWall gear or within Steel-Belted Radius for the roughly 50 VPN users. Instead, the authentication is passed through to Active Directory, which will check all entries for each user, San Miguel says.
Other new features in Steel-Belted Radius 4.5 include:
-- Support for keeping track of wireless users by name even when they log on anonymously. The software now peers inside Funk's TTLS tunnels to see actual user identities for tracking and possible billing of users.
-- Reporting tools to better parse log files into useful data such as numbers of failed logon attempts by a user and more details on why users are rejected.
-- Redirection for users whose logon attempts are rejected. This integrates with third-party software to let administrators divert a user to a secure Web site where they can, for example, reset a password so they can log on successfully.
Steel-Belted Radius costs US$4,000 for the Enterprise edition and US$10,000 for the Global Enterprise edition. Upgrades for current customers cost US$1,400 and US$3,500, respectively, for the two editions.