Planning and implementing network
Explain the necessity for configuring a RADIUS server in their office.
The RADIUS only works in the presence of configuration that makes it viable in regulating the access of a network. The configuration files include radius.conf, dictionary, clients, naslist, hints, huntgroups and users (Geier, 2008). The radiusd.con helps in establishing the administrator-controlled items. The dictionary is necessary in providing the definition for the existing RADIUS attributes in other related configuration files. The clients constitute the essential IP addresses for the client who would like to use the network. The clients also contain the secret key that allows the client to access the network. The naslist contains the information for all the Network Access Server (NAS) found in the network (Geier, 2008). The different NASes receives requests sent by the client incase of proxy server. The huntgroup files facilitate the limiting of other huntgroups from accessing the network through definition of all the possible huntgroups within the network. The users file presents the location where there is definition of all the users.
Explain the benefits of installing a RADIUS server in their office.
The installation of the radius server helps in controlling the access of a network by any user ensuring that only the authorized are able to use the network. This means that only the allowed users can access the computer network making it act as a security provider.
The RADIUS server also helps in checking the network usage through keeping record of the number of users. It keeps record of network usage within the office thereby allowing the owners to determine the amount of network is in use. This helps in better management of network usage.
Explain the difficulties and problems associated with setting up RADIUS server configuration.
The RADIUS server cannot detect the disappearance of a connection when there is break up of connection because of the disability of multiple loggins. This means that setting up of a RADIUS server would need an individual to have a constant connection. The RADIUS server cannot work without the presence of NAS’s IP address since this makes it to accept connection. This means that the inability user to know the client’s IP will make the RADIUS server to lose the packet. The presence of the proxy server also leads to the slow down the activity of the server. The presence of proxy server arises when the username have resemblance to the email address. Any pinging on the remote server always slows the connection of the network thereby stopping the working of the RADIUS server.
List the names and descriptions of protocols involved, and identify when each is appropriate.
RFC 2865
This refers to the RADIUS authenticating and authorizing protocol. It possess the following constituents in its flow:
Access reject: this involves denying a user access to any network resource that he or she may have requested. The major reason for the reject may be inability to offer identification proof.
Access challenge: this involves requesting for more information in the event of accessing the network.
Access accept: this involves allowing access to a user through authentication after checking on the authorization. The RADIUS server checks on the authorization of the user to access the network services on request.
RFC 2866
This refers to the RADIUS accounting protocol.
It involves sending accounting request, which helps in giving information about the account holder especially when the RADIUS accepted the accounting information. The accounting protocol also helps in signaling when the user starts to access the network after the NAS sending the Accounting start. The start contains the identification and the address of the user within the network. The accounting response often occurs after the receipt of the Accounting-Request message (Hassell, 2002).
List the specifications of connection request policies.
The time of day and the subsequent day of the week: The time and the day is important since it corresponds to that of NPS server (EC-Council Press, 2010).
The realm name assigned to the connection request found within the server
The type of connection that is on request (EC-Council Press, 2010)
The IP address owned by the client within the RADIUS
Outline the installation process.
Run the server in production mode:
# /usr/local/sbin/radiusd
Sat Apr 24 21:32:52 2004 : Info: Starting – reading configuration files
Confirm that it’s working (it is!):
# radtest test test localhost 0 testing123
Sending Access-Request of id 138 to 127.0.0.1:1812
User-Name = “test”
User-Password = “test”
NAS-IP-Address = www.keller.com
NAS-Port = 0
Re-sending Access-Request of id 138 to 127.0.0.1:1812
User-Name = “test”
User-Password = ” \276\37334X\352V\203\363\31620\306621\211\352″
NAS-IP-Address = www.keller.com
NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=138, length=20
Edit /usr/local/etc/raddb/clients.conf — add the following entry:
client 66.167.77.6 {
secret = laraine
shortname = keller.com
Verify the configuration with a RADIUS testing tool (a client simulator) such as NTRadPing from MasterSoft (http://www.dialways.com). Download and run this tool.
Configure the DWL-900AP+ access point to use the new RADIUS server (via the access point’s browser-based administrative interface):
Load server configuration is the last process in the configuration
Reference
Hassell, J. (2002). RADIUS: [securing public access to private resources]. Beijing [u.a.: O’Reilly.
Geier, J. T. (2008). Implementing 802.1X security solutions for wired and wireless networks. Hoboken, N.J: Wiley.
EC-Council Press. (2010). Wireless safety certification: This book maps to wireless 5. Clifton Park, N.Y: Course Technology/Cengage learning.
