Selecting an Appropriate Server
Select an appropriate host to run the Steel-Belted Radius Carrier server software. An appropriate RADIUS server has these properties:
- A secure physical location such as a locked server room.
- Root access on the host limited to the system administrator. Restrict logon access to the Steel-Belted Radius Carrier server to system administrators and others who need it. Ideally, the server should have no (or few) user accounts.
- Adequate memory and disk space—See Meeting System Requirements for information on hardware and software requirements.
- Administrative interface not accessible from outside your network—If your Steel-Belted Radius Carrier server has one network connection, limit access to the ports that it uses for configuration and administration. If your Steel-Belted Radius Carrier server has more than one network connection, an administrative network that is physically separate from other networks should be used to configure and administer the server.
- No public network services such as FTP or HTTP. Running public network services or applications unrelated to user authentication on the Steel-Belted Radius Carrier server may adversely affect the performance of Steel-Belted Radius Carrier, since it must compete with other services and applications for the server's CPU resources. Moreover, running public network services on the authentication server potentially opens the server to malicious attacks. (Steel-Belted Radius Carrier implements its own HTTP service on a different socket port than generic web servers use.)
- A shared secret protects all communications to and from the server, including session keys for wireless data encryption. Configure shared secrets that are long enough and random enough to resist attack. Avoid using the same shared secret throughout your network.
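As an added example (not part of the product documentation), the Python sketch below audits a table of RADIUS client shared secrets for the problems the last item names: too short, repetitive, or reused across clients. It then generates unique random replacements. The client names, sample secrets, entropy threshold and alphabet are constructed assumptions; the 16-character minimum follows the preference stated in RFC 2865.

```python
import math
import secrets
import string
from collections import Counter, defaultdict

MIN_LEN = 16        # RFC 2865 prefers shared secrets of at least 16 octets
MIN_ENTROPY = 3.0   # assumed threshold, bits per character (rough heuristic)

# Constructed sample data: RADIUS client name -> shared secret
SAMPLE_CLIENTS = {
    "nas-east": "testing123",
    "nas-west": "testing123",
    "wlc-1": "radiusradiusradius",
    "vpn-gw": "q7Lm2Xc9Rt4Vb8Nz1Hk6Wp3Js5Dy0FgA",
}

def char_entropy(s):
    """Shannon entropy per character; catches repetition, not dictionary words."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def audit(clients):
    """Return {client: [findings]} for every client whose secret is weak."""
    findings = defaultdict(list)
    users = defaultdict(list)
    for name, secret in clients.items():
        users[secret].append(name)
        if len(secret) < MIN_LEN:
            findings[name].append("short")
        elif char_entropy(secret) < MIN_ENTROPY:
            findings[name].append("repetitive")
    for names in users.values():
        if len(names) > 1:          # same secret configured on several clients
            for name in names:
                findings[name].append("reused")
    return dict(findings)

def new_secret(length=32):
    """Generate a secret from the OS CSPRNG over an alphanumeric alphabet."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def rotate(clients):
    """Replace only the flagged secrets, giving each client its own value."""
    flagged = audit(clients)
    return {n: new_secret() if n in flagged else s for n, s in clients.items()}

if __name__ == "__main__":
    for client, problems in audit(SAMPLE_CLIENTS).items():
        print(f"{client}: {', '.join(problems)}")   # never print the secret itself
```
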