Funk Software Steel-Belted Radius Server
One server/one contract (for XP/2000/NT): $4,995
Good capabilities and provides authentication services directly linked to users in the underlying network operating system.
The product relies on Windows as the underlying platform and the manual, although hefty and informative, was confusing at times.
Overall, this is an excellent administration and authentication tool for users, devices and connections.
SummaryThis product enables network and security managers to consolidate the management of wireless users and remote clients, authenticating, authorizing and accounting for all users and activity. It allows pass-through authentication to Windows Active Directory, NT Domains and Hosts, NetWare NDS and Unix NIS, although we only tested it with Windows systems.
The product can be installed on Windows NT/2000/XP and Unix, but only domain authentications are possible if installing it on a Windows NT/2000 server that is a Domain Controller, so give remote access users the "log on locally" privilege on the Domain Controller.
Following a straightforward installation, we configured each of the network access servers (NASs) to communicate with the Radius server by configuring each device independently. We then used the administrator program to configure the server to talk to the NAS devices and identify which users can dial in to the NAS devices.
The product supports various 802.11x security protocols (EAP-TLS, EAP-PEAP, EAP-MD5 and Cisco's LEAP) and these differ in management and the authentication databases they support.
Steel Belted Radius allows users to authenticate an existing user database against a variety of back-end authentication systems, including token-based systems, SQL databases, LDAP directories or any ODBC compliant database.
Funk Software's Odyssey client is included as the client application. Odyssey runs on Windows XP/2000/98/Me and Pocket PC 2002 and uses a simple wizard for installation and configuration.
EAP-based security protects against attacks by providing mutual authentication of client and server, but allows for the distribution of encryption keys to users and APs.
When a user connects to the wireless network via the Odyssey client the AP will query the server to determine if the user is authorized. The product accepts or rejects the connection based on user credential information in the central database.