|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: IAS as a RADIUS server
From: Leo, Joel (Joel.Leo
cw.com)
Date: Wed Jul 30 2003 - 14:29:49 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Also, with IAS you could go one further and encrypt the radius ports
between the radius clients and server, and between the radius server and
the dcs with ipsec. Relevant ports are udp 1812 & udp 1813.
Joel
-----Original Message-----
From: Beadles, Mark A [mailto:MBeadlesSmartPipes.com]
Sent: Wednesday, July 30, 2003 9:07 AM
To: 'Henry, Christopher M.'; 'focus-mssecurityfocus.com'
Subject: RE: IAS as a RADIUS server
Henry
I've been using IAS in a fairly large deployment here (about 10
production servers running IAS) for a number of years now. It has been
stable for us and we have never had a security issue with it. IAS is
also one of the better RADIUS servers as far as feature set, i.e.,
support for extensions and compliance with standards. I would think if
you are already using Active Directory as your back-end user store, IAS
is probably the way to go.
RADIUS is a pretty secure protocol itself, so as far as security I'd
recommend standard stuff -- lock down your Windows OS and have
reasonable ACLs and IDS on your network.
My $.02
+ Mark Anthony Beadles + mbeadlessmartpipes.com +
+ Chief Architect + SmartPipes, Inc. +
+ Vox 614.923.5657 + Fax 614.923.6299 +
-----Original Message-----
From: Henry, Christopher M. [mailto:chenryradiologycorp.com]
Sent: Wednesday, 30 July 2003 08:11
To: focus-mssecurityfocus.com
Subject: IAS as a RADIUS server
I am in the process on implanting a RADIUS server to authenticate users
logging on from my RAS server and VPNs. I have been reading about using
IAS as a RADIUS server, but I was not entirely sure exactly how secure
it is. What are your experiences using IAS, or would you recommend that
I use another product for greater security?
Just to give a little background, I need to use a RADIUS server the
interacts with active directory, so users will have the same username
and password no matter where they log in from.
------------------------------------------------------------------------
---
Your network firewall and IDS products do not prevent Web application
attacks - the most common form of online exploitation- resulting in Web
defacement, data theft, sabotage and fraud.
KaVaDo is the only company that provides a complete suite of Web
application security products.
Download a FREE whitepaper on "Security Policy Automation for Web
Applications":http://www.securityfocus.com/Kavado-focus-ms
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
Your network firewall and IDS products do not prevent Web application
attacks - the most common form of online exploitation- resulting in Web
defacement, data theft, sabotage and fraud.
KaVaDo is the only company that provides a complete suite of Web
application security products.
Download a FREE whitepaper on "Security Policy Automation for Web
Applications":http://www.securityfocus.com/Kavado-focus-ms
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
Your network firewall and IDS products do not prevent Web application
attacks - the most common form of online exploitation- resulting in Web
defacement, data theft, sabotage and fraud.
KaVaDo is the only company that provides a complete suite of Web
application security products.
Download a FREE whitepaper on "Security Policy Automation for Web
Applications":http://www.securityfocus.com/Kavado-focus-ms
---------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]