To answer many of the Internet's security needs, a new
standard of authentication was required. Remote Authentication Dial
In User Service (RADIUS) brought a client-server architecture to ISPs,
enabling efficient, secure authentication of dial-in users. RADIUS manages
a database of users, provides authentication so that the dial-in user
is allowed access, and delivers configuration information detailing
the type of service to deliver to the user -- such as SLIP, PPP, telnet,
etc.
As networks grow increasingly complex -- both in size
and technology -- network managers are also faced with the challenge
of minimizing downtime. With literally hundreds of locations to keep
up and running, network managers seek solutions that enable them to
remotely manage all of the devices in the network.
Many have turned to the Internet as the solution. Inband
management via the Internet offers many benefits, chief among them security.
However, Internet-based solutions have one major flaw: reliance on the
very network the solutions are intended to manage. If part of the network
goes down, remote management disappears with it.
In addition, much of the legacy equipment simply does
not have the appropriate networking ports to allow Internet-based management.
These older devices, such as PBXs, X.25 pads, and Front End Processors
(FEPs), are only manageable through their serial port. To further complicate
matters, each of these devices has their own -- often proprietary --
management method.
Ironically, some legacy security measures create problems
for LAN or Internet based solutions. Many UNIX servers do not allow
reconfiguration via network connections. Early network designers did
not want remote users to be able to significantly reconfigure the devices
-- possibly rendering them useless.
Clearly, network managers need a standards-based solution
that enables remote management via a serial port, while protecting the
network from unauthorized users and destructive hackers.
