Kicking the RADIUS Tires
September 16, 2002
Major and minor upgrades have been announced from two leading wireless RADIUS server makers, Funk Software and Meetinghouse Data.
Two of the leading 802.1X authentication server/client providers have upgrades available to their RADIUS server products that further enhance security and features.
Meetinghouse Data Communications of Portsmouth, NH, has taken the leap to LEAP, Cisco's proprietary security protocol, licensing it for their AEGIS Server.
Cisco's LEAP is available on its own product line, which has a very large install base (a 9.9% share of the market as of the second quarter of 2002 according to Synergy Research Group). Adding LEAP support lets Meetinghouse Data work with a potential new and large customer base.
Meetinghouse has also added Lightweight Directory Access Protocol (LDAP) support for maintaining directories of users for authentication. AEGIS Server will now run on Windows 2000 and XP.
Anthony Delli Colli, Meetinghouse Data's VP of sales and marketing, says, "We will continue to add EAP types." Currently AEGIS Server ($2500 or $3200 with LDAP) and clients ($39.99) supports EAP-TLS, EAP-TTLS, MD5 and now Cisco LEAP on Windows, Solaris and Linux. They also have a MacOS X clientA bit to the southeast, Cambridge, MA-based Funk Software has a new version of its own 802.1X RADIUS server, Odyssey, now up to version 1.1. The company has also relaunched its higher-end Steel-Belted Radius Server, now up to 4.0, for the first time with WLAN support.
"We've now added features to both products, which allow us to position them together," says Joe Ryan, Vice President at Funk Software. "They are a suite of solutions for WLAN security. You can look at Odyssey as for a standalone WLAN. As the environment and the requirements for access security become more complex in wireless -- maybe things like authentications against an LDAP or SQL database or using security tokens -- then you move over to our Steel-Belted Radius product."
The Odyssey Server has a proxy feature so it will handle local authentication but can also forward requests to Steel-Belted Radius. This lets it act locally or as part of a larger infrastructure. Using Odyssey then becomes a more affordable solution for remote offices or departments of large enterprises that also need remote wireless authentication.
In this new wireless-capable version of Steel-Belted Radius, the company has also added support for the EAP-TTLS and EAP-TLS security protocols. It comes in both a $4000 Enterprise edition and a $10,000 Global edition suitable for worldwide companies. It runs on Windows 2000, Windows XP or Solaris. Client/supplicant systems need only run an 802.1X client such as the $50 Odyssey Client or the one included for free with Windows XP.
Ryan says he sees Funk's real competition not in a particular vendor with a similar product line like Meetinghouse, but in the technology of virtual private networks (VPN) used for secure connections. He feels concentrating on the open standards for 802.1X will put Funk ahead of the pack, even the big names.
"When a company says they want WLAN, they look at security first [and] they have to choose VPN or 802.1X," says Ryan. "VPN doesn't scale, creates management and cost issues. When they chose [802.1X], Cisco and Microsoft may be the most visible, but this is Funk's business. Cisco is proprietary and Microsoft doesn't even charge."
Eric Griffith is the managing editor of 802.11 Planet.