RE: IAS as a RADIUS server

From: Leo, Joel (Joel.Leo_at_cw.com)
Date: 07/30/03

    Date: Wed, 30 Jul 2003 12:29:49 -0700
    To: "Beadles, Mark A" <MBeadles@SmartPipes.com>, "Henry, Christopher M." <chenry@radiologycorp.com>, <focus-ms@securityfocus.com>
    
    

    Also, with IAS you could go one further and encrypt the RADIUS ports
    between the RADIUS clients and server, and between the RADIUS server and
    the DCs with IPsec. Relevant ports are UDP 1812 & UDP 1813.

    Joel

    -----Original Message-----
    From: Beadles, Mark A [mailto:MBeadles@SmartPipes.com]
    Sent: Wednesday, July 30, 2003 9:07 AM
    To: 'Henry, Christopher M.'; 'focus-ms@securityfocus.com'
    Subject: RE: IAS as a RADIUS server

    Henry

    I've been using IAS in a fairly large deployment here (about 10
    production servers running IAS) for a number of years now. It has been
    stable for us and we have never had a security issue with it. IAS is
    also one of the better RADIUS servers as far as feature set, i.e.,
    support for extensions and compliance with standards. I would think if
    you are already using Active Directory as your back-end user store, IAS
    is probably the way to go.

    RADIUS is a pretty secure protocol itself, so as far as security I'd
    recommend standard stuff -- lock down your Windows OS and have
    reasonable ACLs and IDS on your network.

    My $.02

    + Mark Anthony Beadles + mbeadles@smartpipes.com +
    + Chief Architect + SmartPipes, Inc. +
    + Vox 614.923.5657 + Fax 614.923.6299 +

    -----Original Message-----
    From: Henry, Christopher M. [mailto:chenry@radiologycorp.com]
    Sent: Wednesday, 30 July 2003 08:11
    To: focus-ms@securityfocus.com
    Subject: IAS as a RADIUS server

    I am in the process of implementing a RADIUS server to authenticate users
    logging on from my RAS server and VPNs. I have been reading about using
    IAS as a RADIUS server, but I was not entirely sure exactly how secure
    it is. What are your experiences using IAS, or would you recommend that
    I use another product for greater security?

    Just to give a little background, I need to use a RADIUS server that
    interacts with Active Directory, so users will have the same username
    and password no matter where they log in from.
