Connectivity and Security Issues - RADIUS Server - Research Paper Example

? Full Paper Purpose RADIUS server provides a mechanism that is based on distributed security. It consists of two components i.e. an authentication server and client protocols that are configure at client end. The authentication server operates from a single standalone workstation located at the client end. The core objective is to separate communication channel from the security channel (RADIUS information, n.d ). It presents the technical processes that an organization will implement in order to conduct the remote access server testing. The testing offers insights evaluator on their implementation and the probable impact they may have on systems and networks. In order to conduct a successful assessment, having a positive impact on the security posture of a system on the entire organization, elements of the examination must maintain the technical procedure. The testing process enables organizations to develop a policy of information security assessment and methodology. Identification of individual roles, related to technical procedures is also the aspects of the assessment. Description Corporate organizations spent an enormous amount of money for securing the computer networks and valuable data. There are many techniques and methods introduced in the past for protecting networks. Several encryption techniques are injected between the data flow from one network to another. Organizations prefer technology with low cost and high efficiency, providing network protection and security internally and externally. Evaluation and testing of networks is an essential activity for measuring the current security mechanism. This testing activity identifies the probability of potential threats as well as threats already available within the network. For eliminating the potential and existing threats, Dial in RAS security testing is implemented. What is Remote Access Server (RAS)? A clear definition is available in the computer desktop encyclopedia which says “A computer in a network that provides access to remote users via an Internet or dial-up connection”. Many organizations are saving money by providing access to networks from home. The executives, sales staff and others need to connect to the organization’s network when they in mobile resources and need to access network resources also on the weekends from home. RAS initiates remote access techniques for vulnerabilities, they cover computing servers such as terminal servers, VPNs, secure shell (SSH) tunnels, remote desktop application, and dial-up modems. The alternative methods are adapted in this testing procedure for entering in circumvents perimeter defenses. Remote access testing also follows penetration testing methodology, but can also be executed separately to focus on remote access implementations. Testing techniques differ from type of remote access services being tested and the specific goals of the test. Benefits Information security assessment enables the organization to evaluate and test the network, hosts, system, procedure, and person. The organization will able to eliminate essential process by the following methodologies conducted by the RAS server testing: Unauthorized remote access services Port scanning will locate open ports that are often associated with remote access services. Systems are manually checked for remote access services by viewing running processes and installed applications. Evaluating rules for remote access paths Rules sets which are applied on Virtual private network gateways are reviewed for holes or miss configurations that could authorize unwanted entrance for hackers. RAS authentication mechanism The remote access methods normally require authentication. Before testing, the testing team or testers will first authorize themselves in to the authentication system. There are some defaults or extra account available for testing purpose. Brute force attack is initiated for getting in to the network or gain access without an authentication token. Social engineering techniques are used for breaking the password by asking general questions via a self service authentication program. RAS Communications A testing tool “network sniffer” are used for monitoring remote access communications. If there are flaws and loop holes in the communications process, testers will utilize them as sources for remote access authentication information and other data sent and received by remote access users. Live testing of remote access connections, is performed during off peak hours of the organization to limit potential disruption to employees and the remote access systems. The testing will be conducted with the administrator ID having full permission and right to perform actions and administrative tasks. Cost For conducting the RAS testing, a test bed is required. At least two systems are required for the testing process. One system will be the host. The second will be a remote server. Both of the system must have a modem installed. One network access server and telephone switch is required. As far as time is concerned, the testing will continue until there are no errors left. It may take a day or two depending on how many RAS servers are available in the organization. Installation RAS on a Wireless Router In order to install a typical RADIUS server on a router, following protocols and services are associated: DHCP TCP / IP TKIP SSID WPA Internet Authentication Service DNS The next step is to demonstrate RADIUS server installation on a wireless router by incorporating the above mentions protocols and services. Figure 1.1 As shown in figure 1.1, the first step is to configure the wireless router configuration. These parameters will be considered: Internet Connection type: Automatic Configuration Router Name: Any Host Name: Any Domain Name: Any MTU: Any Local IP Address: Local IP address of the workstation DHCP Server: Disabled for RADIUS Configuration Figure 1.2 As shown in figure 1.2, following parameters will be considered for Basic Wireless network settings: Wireless Network Mode: Mixed Wireless Network Name (SSID): Type SSID Wireless Channel: do not make any changes Wireless SSID Broadcast : Enabled Figure 1.3 Figure 1.3 shows the configuration of the following parameters: Security Mode: Select WPA Enterprise WPA Algorithms: Select TKIP RADIUS Server Address: Configure IP address of the RADIUS server RADIUS Port: Set the port to 1812 Shared-key: Configure the selected shared key Key Renewal Timeout: Leave it to default Figure 1.4 Figure 1.5 As shown in Figure 1.4 and 1.5, Right click on the RADIUS client and click on ‘New RADIUS Client’ Figure 1.6 As shown in Fig 1.6, now select name of choice and enter IP address of the Linksys router. Figure 1.6 As shown in Fig 1.6, the last step will be to set ‘RADIUS standard’ as the ‘Client-Vendor’ and set the shared key that will be identical to the shared key that was configured in the Linksys router. Click finish to end the wizard. Work Cited (2010). remote access server. Computer Desktop Encyclopedia, 1. Retrieved from Computers & Applied Sciences Complete database RADIUS information n.d, Retrieved 8/21/2011, 2011, from http://www.kmj.com/radius.html Read More