CALABASAS, CALIF. (04/20/2000) - Alcatel is making it possible to keep unauthorized LAN users out of resources they shouldn't be using with a security package from Funk Software.
The package uses Remote Authentication Dial-In User Service (RADIUS) to give network professionals the ability to create logical workgroups and virtual LANs, even when those users are spread out on different LAN segments or move from location to location with laptops.
While RADIUS is generally used for authentication of remote users, this application instead authenticates users on a LAN as they try to gain access to LAN ports on Alcatel OmniSwitches.
Alcatel had tried to provide similar features for its OmniSwitches using software from Check Point, but Check Point required its own database of user profiles, Alcatel says.
Alcatel switched to Funk's Steel-Belted RADIUS software because it supports other directories, including Windows NT directories, Novell Directory Services and Lightweight Directory Access Protocol. Steel-Belted RADIUS saves administrators time by making use of these other directories rather than requiring them to build new ones from scratch. Funk had to tweak its software to accommodate proprietary Alcatel directories, Funk says.
Steel-Belted RADIUS also supports security tokens such as RSA's Secure ID.
With the Funk software, when a user attempts to access, say, a particular server through the OmniSwitch, Funk's Steel-Belted RADIUS challenges the user for name and password. The software checks with a RADIUS directory to determine what LAN resources that user is authorized to use. The RADIUS server informs the switch of the number of virtual LANs to which the user's media access control address is allowed access. If the server is among those resources, the user gets access.
This is a unique use of RADIUS that makes it relatively simple for network administrators to add authorization to LAN security, says Pete Dailey, a managing partner of analyst firm Frost & Sullivan. Dailey says he expects other switch vendors might form similar alliances with Funk or other RADIUS vendors.
This scheme contains more security features than a standard being considered by the IEEE that authenticates users to a switch, but allows them free access to the whole enterprise beyond the switch, Alcatel says. RADIUS can restrict to what parts of the enterprise each user has access.
The software is sold with the OmniSwitches as a separate option and costs US$300 to $800 extra depending on which OmniSwitch model is used.