Network Security Features of HP-UX 11i v1 and 11i v2
Page 6
HP-UX AAA Server
The HP-UX AAA Server provides AAA (Authentication, Authorization, and Accounting) server software
for the HP-UX platform. This product is commonly referred to as a RADIUS
1
server. The HP-UX AAA
Server's primary clients are network access devices (VPN gateways, Wireless LAN access points, LAN
switches, Network Access Servers connecting dial-in users) that need to authenticate the end user before
allowing the user's device/computer to attach to the network. The HP-UX AAA Server also collects usage
information that can be utilized by billing, auditing and usage applications. RADIUS is deployed in the
enterprise environment to provide user based VPN, wireless and wired LAN security, and in the
telecommunications environment to provide AAA support for data services.
Recently, there has been much publicity and scrutiny of the security of Wireless LANS (WLANs). In
wireless environments, the AAA (RADIUS) Server is used to authenticate end-users before providing
network access to their devices (common user devices are notebook computers, PDAs, and cellular
phones). The HP-UX AAA Server supports Extensible Authentication Protocol (EAP) based
authentication, which secures the well-known vulnerabilities in Wireless LAN environments by providing
secure per-user authentication and dynamic key distribution, both required by WPA (WiFi Protection
Alliance) certified wireless access points. The AAA Server provides authorization information about each
user to the access device, for example: which services the user is authorized to use, or time of day
restrictions on the user's access. The AAA Server also collects usage information (the user's activity) for
billing or auditing purposes.
For more information about using the HP-UX AAA Server to secure WLANs, see the “Wireless LAN
Design and Deployment with HP-UX AAA RADIUS Server” white paper. See “Appendix A: For More
Information” for details about obtaining additional HP-UX AAA Server documentation.