Monday, March 12, 2007

Access controller specification

Access controllers generally provide port-based access control. When a user attempts to use a network-based application, such as a Web site via a Web browser, the access controller blocks access and redirects the user's browser to a log-in page. The user can then enter a user name and password, and the access controller authenticates the user via an authentication server. As an alternative, the network application could use digital certificates for authentication. The authentication server provides the authentication and authorization information that the access controller uses as a basis to regulate the user's access to the protected network. The user will have authorization to use specific port addresses, such as "port 80" for Internet browsing.

When shopping for an access controller, assess the following features:

Authentication. Most access controllers have a built-in database for authenticating users; however, some offer external interfaces to authentication servers such as RADIUS and LDAP. Keep in mind the number of users and scope of your network when determining which authentication server type to use. For smaller, private networks, an internal database may suffice. If you plan to provide nationwide access, then an external centralized authentication server will provide better results.

Link Encryption. Some access controllers provide encryption of data from the client to the server and back, using such security as IPSec and PPTP encrypted VPN tunnels. This provides added protection beyond what 802.11 WEP provides. Be sure that the access controller protects the transmission of user names and passwords.

Subnet Roaming. To support roaming from one network to another, access controllers generally provide subnet roaming, which allows users to roam without needing to re-authenticate with the system. As a result, users can continue using their network applications without interruption. This feature is especially useful for larger installations where access to the network for specific users will span multiple subnets.

Bandwidth Management. Because users share bandwidth in a wireless LAN, it's important to have a mechanism to ensure specific users don't hog the bandwidth. Access controllers provide this form of bandwidth management through the assignment of user profiles based on required quality of service levels. A profile specifies the types of services (e.g., Web browsing, video streaming, etc.) and a throughput limit. For example, an unsubscribed visitor to a public wireless LAN could be classified under a "visitor" profile, which may only allow access to information related to the local hotspot and online subscription Websites. A subscriber, however, could have a different role that allows access to the Internet at a throughput of 128Kbps. Users paying a premium could have higher throughput access, perhaps 3Mbps, for fast downloads and access to other higher-end applications.
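The per-packet decision described above (redirect until authenticated, then enforce the profile's ports and throughput limit) can be modelled as follows. This is an added example, not code from the original article or from any product; the port sets, the host names, the visitor limit and the one-second token bucket are assumptions.

```python
import time
from dataclasses import dataclass

# Profile names and the 128Kbps / 3Mbps limits follow the article; the port sets,
# host names and the visitor limit are assumptions made for this example.
PROFILES = {
    "visitor":    {"ports": {80, 443}, "hosts": {"hotspot.example", "signup.example"}, "bps": 64_000},
    "subscriber": {"ports": {80, 443}, "hosts": None, "bps": 128_000},   # None = any host
    "premium":    {"ports": {80, 443, 554}, "hosts": None, "bps": 3_000_000},
}

@dataclass
class Session:
    profile: str
    tokens: float   # bytes the client may still send right now
    last: float     # clock reading at the last refill

class AccessController:
    def __init__(self, authenticate, clock=time.monotonic):
        self.authenticate = authenticate   # stand-in for RADIUS/LDAP: (user, pw) -> profile or None
        self.clock = clock
        self.sessions = {}                 # client MAC -> Session

    def _open(self, mac, profile):
        rate = PROFILES[profile]["bps"] / 8
        self.sessions[mac] = Session(profile, rate, self.clock())
        return self.sessions[mac]

    def login(self, mac, user, password):
        profile = self.authenticate(user, password)
        if profile not in PROFILES or profile == "visitor":
            return False                   # fail closed on a missing or unknown profile
        self._open(mac, profile)
        return True

    def decide(self, mac, host, port, nbytes):
        s = self.sessions.get(mac) or self._open(mac, "visitor")
        p = PROFILES[s.profile]
        if port not in p["ports"] or (p["hosts"] is not None and host not in p["hosts"]):
            # Unauthenticated Web traffic goes to the log-in page; everything else is dropped.
            return "REDIRECT" if s.profile == "visitor" and port == 80 else "DROP"
        rate = p["bps"] / 8                # bytes per second
        now = self.clock()
        s.tokens = min(rate, s.tokens + (now - s.last) * rate)   # burst capped at one second
        s.last = now
        if nbytes > s.tokens:
            return "THROTTLE"
        s.tokens -= nbytes
        return "FORWARD"
```

A failed log-in leaves the client in the visitor profile, so a wrong password never widens access.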
Access controllers aren't always the best solution for wireless LAN applications. If you're implementing a smaller network for a home or small office, then there may not be enough benefit to offset the thousands of dollars for an access controller. With only one or two access points, the more cost-effective solution is generally to use a "smart" access point to provide enhancements to the network. Or, you might only need to deploy "thin" access points alone if security is not a major concern and you have a limited number of users.
