Re: IAS as a RADIUS server

• Previous message: Larry Seltzer: "HTASploit"
• In reply to: Henry, Christopher M.: "IAS as a RADIUS server"
• Next in thread: Beadles, Mark A: "RE: IAS as a RADIUS server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 30 Jul 2003 11:49:15 -0400
To: "Henry, Christopher M." <chenry@radiologycorp.com>

Henry, Christopher M. wrote:

> I am in the process on implanting a RADIUS server to authenticate users
> logging on from my RAS server and VPNs. I have been reading about using
> IAS as a RADIUS server, but I was not entirely sure exactly how secure
> it is. What are your experiences using IAS, or would you recommend that
> I use another product for greater security?
>
> Just to give a little background, I need to use a RADIUS server the
> interacts with active directory, so users will have the same username
> and password no matter where they log in from.
>
> ---------------------------------------------------------------------------
> Your network firewall and IDS products do not prevent Web application
> attacks - the most common form of online exploitation- resulting in Web
> defacement, data theft, sabotage and fraud.
> KaVaDo is the only company that provides a complete suite of Web
> application security products.
> Download a FREE whitepaper on "Security Policy Automation for Web
> Applications":http://www.securityfocus.com/Kavado-focus-ms
> ---------------------------------------------------------------------------
>
I have IAS setup on a small server in our DMZ. We use it to authenticate
  our Cisco VPN users. Works well for us. We only alllow the relevant
RADIUS traffic from the DMZ to the DMZ interface on the firewall.

--Chris

-- 
Christopher Harrington, CISSP
NMI InfoSecurity Solutions
145 Newbury Street, Second Floor
Portland, ME 04101
207-780-6381, x236
207-780-6301, FAX

• application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature

• Previous message: Larry Seltzer: "HTASploit"
• In reply to: Henry, Christopher M.: "IAS as a RADIUS server"
• Next in thread: Beadles, Mark A: "RE: IAS as a RADIUS server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: IAS as a RADIUS server ... with IAS you could go one further and encrypt the radius ports ... IAS as a RADIUS server ... RADIUS is a pretty secure protocol itself, so as far as security I'd ... Your network firewall and IDS products do not prevent Web application ... (Focus-Microsoft) Re: Do not use Active Directory ... To turn on logging for IAS, use "netsh ras set tr * en" at the command ... I created a new user in the server and configured my cisco router to ... > call the radius server for authentification. ... (microsoft.public.internet.radius) Re: Some basic advice needed: RADIUS "light" ... I tried to install Microsofts IAS service on top of my existing Active Directory infrastructure and soon got lost in a jungle of blablabla about protocols, certificates and design strategies for worldwide corporate PKI infrastructures, Policy based access strategies and such, which I currently am not interested in. ... Is there a fairly easy and straightforward documentation from MS or anyone else about how to set up a very basic RADIUS server using Windows 2003 services doing nothing but authentication for simple boxes? ... is there a different RADIUS server software for the Windows 2003 platform available that does the job? ... (microsoft.public.internet.radius) Re: Microsoft Windows IAS RADIUS Server (HELP) ... You may refer to this article for some information on "How to Set Up IAS ... (RADIUS Server) ... with ODBC Authentication" ... Setting up Secure Infrastructure for Wireless Network (March 29, 2005, ... (microsoft.public.internet.radius) Re: AP authenticating to via IAS configured as a RADIUS server ... No you don't need RRAS in this case and just running IAS is sufficient to ... > 2003 IAS configured as a RADIUS server. ... > presented with the authentication box to key in the credentials. ... (microsoft.public.win2000.ras_routing)