NetFlow Analyzer and RADIUS!

We know that NetFlow Analyzer stores sensitive data of an network for bandwidth analysis and reporting. To protect this sensitive data and give the users more secure way of accessing the NetFlow Analyzer, the product has Radius Server Authentication for user access to the NetFlow Analyzer application. This Radius Server Authentication keeps track of users logging to NetFlow Analyzer and also provides centralized authentication, authorization and accounting mechanism.

Whats is Radius ?

Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting management for computers to connect and use a network resources.

RADIUS enables centralized management of authentication data, such as user names and passwords. When a user attempts to login to a RADIUS client, such as a NetFlow Analyzer, the NetFlow Analyzer sends the authentication request to a RADIUS server, which is the centralized authentication server. The communication between the RADIUS client and the RADIUS server is authenticated and encrypted through the use of a shared secret, which is not transmitted over the network.

Configuring NetFlow Analyzer for Radius Authentication:

In order to configure users to access NetFlow Analyzer via Radius Server Authentication, we need to configure the radius server settings within the product. To configure Radius Server Credentials, the option is under Admin Operation ———-> Product Settings ———> Advanced Settings Tab.

Following credentials need to be configured for Radius Server Authentication on NetFlow Analyzer:

Radius Server IP                                : IP address of the Radius server
   
Radius Server Authentication Port      : Port through which the radius server is listening for authentication requests from NetFlow Analyzer
   
Radius Server Protocol                       : Protocol used for authentication purpose

NetFlow Analyzer support variety of Authentication Protocol for Radius Server Authentication, They are;

PAP           : Password Authentication Protocol provides a simple method for the peer to establish its identity using a 2-way handshake.

CHAP         : Challenge-Handshake Authentication Protocol (CHAP) authenticates a user or network host to an authenticating entity.

MSCHAP    : MS-CHAP is the Microsoft version of the Challenge-handshake authentication protocol, CHAP.

MSCHAP2  :  Another version of Microsoft version of the Challenge-handshake authentication protocol, CHAP.

Radius Server Secret                         : Secret that is specified on the Radius Server

Authentication Retries                       : Number of retries for authentication

                                                    
Once the Radius server settings is configured on the NetFlow Analyzer, the next step is creation of user accounts.

User Creation on NetFlow Analyzer:

We can create users for NetFlow Analyzer from User Management page. Here, you need to enter a user name available in the RADIUS server and select the option to authenticate via Radius.When the created user tries to login to NetFlow Analyzer, he will authenticated via Radius Server. The Radius Server reads the request from the NetFlow Analyzer and checks the user name and password on its database and if the credentials are passed, the user will be directed to the NetFlow Analyzer web console.

                                                 
                                             
                        
With this type of secure authentication, we do not need to create user name and password locally in NetFlow Analyzer. RADIUS server authentication provides secure authentication and accounting. It is also possible to integrate RADIUS server with Active Directory so that you also get the capability for using user accounts from AD in NetFlow Analyzer.

Thanks

Praveen Kumar

NetFlow Analyzer Technical Team

Interactive Demo | Product overview video | Twitter | Customers