NAC | NetEqualizer News Blog

Network User Authentication Using Heuristics

December 10, 2013 — netequalizer

Most authentication systems are black and white, once you are in , you are in. It was brought our attention recently, that authentication should be an ongoing process, not a one time gate with continuous unchecked free rein once in.

The reasons are well founded.

1) Students at universities and employees at businesses, have all kinds of devices which can get stolen/borrowed while open.

My high school kids can attest this many times over. Often the result is just an innocuous string of embarrassing texts emanating from their phones claiming absurd things. For example ” I won’t be at the party, I was digging for a booger and got a nose bleed” , blasted out to their friends after they left their phone unlocked.

2) People will also deliberately give out their authentication to friends and family

This leaves a hole in standard authentication strategies .

Next year we plan to add an interesting twist to our Intrusion Detection Device ( NetGladiator). The idea was actually not mine, but was suggested by a customer recently at our user group meeting in Western Michigan.

Here is the plan.

The idea for our intrusion detection device would be to build a knowledge base of a user’s habits over time and then match those established patterns against a tiered alert system when there is any kind of abrupt change.

It should be noted that we would not be monitoring content, and thus we would be far less invasive than Google Gmail ,with their targeted advertisements, we would primarily just following the trail or path of usage and not reading content.

The heuristics would consist of a three-pronged model.

Prong one, would look at general trending access across all users globally . If an aggregate group of users on the network were downloading an IOS update, then this behavior would be classified as normal for individual users.

Prong two , would look at the pattern of usage for the authenticated user. For example most people tune their devices to start at a particular page. They also likely use a specific e-mail client, and then have their favorite social networking sites. String together enough these and you would develop unique foot print for that user. Yes the user could deviate from their pattern of established usage as long as there were still elements of their normal usage in their access patterns.

Prong three would be the alarming level. In general a user would receive a risk rating when they deviated into suspect behaviors outside their established baseline. Yes this is profiling similar to psychological profiling on employment tests, which are very accurate at predicting future behavior.

A simple example of a risk factor would be a user that all of sudden starts executing login scripts en masse outside of their normal pattern. Something this egregious would be flagged as high risk, and the administrator could specify an automatic disconnection for the user at a high risk level. Lower risk behavior would be logged for after the fact forensics if any internal servers became compromised.

Posted in NAC, New Features. 1 Comment »

Integrating NetEqualizer with Active Directory

August 11, 2011 — netequalizer

By Art Reisman

CTO www.netequalizer.com

I have to admit, that when I see this question posed to one of our sales engineers, I realize our mission of distributing a turn key bandwidth controller will always require a context switch for potential new customers.

It’s not that we can’t tie into Active Directory, we have. The point is that our solution has already solved the customer issue of bandwidth congestion in a more efficient way than divvying up bandwidth per user based on a profile in Active Directory.

Equalizing is the art form of rewarding bandwidth to the real time needs of users at the appropriate time, especially during peak usage hours when bandwidth resources are stretched to their limit. The concept does take some getting used to. A few minutes spent getting comfortable with our methodology will often pay off many times over in comparison to the man hours spent tweaking and fine tuning a fixed allocation scheme.

Does our strategy potentially alienate the Microsoft Shop that depends on Active Directory for setting customized bandwidth restrictions per user ?

Yes, perhaps in some cases it does. However, as mentioned earlier, our mission has always been to solve the business problem of congestion on a network, and equalizing has proven time and again to be the most cost effective in terms of immediate results and low recurring support costs.

Why not support Active Directory integration to get in the door with a new customer ?

Occasionally, we will open up our interface in special cases and integrate with A/D or Radius, but what we have found is that there are a myriad of boundary cases that come up that must be taken care of. For example, synchronizing after a power down or maintenance cycle. Whenever two devices must talk to each other in a network sharing common data, the support and maintenance of the system can grow exponentially. The simple initial requirements of setting a rate limit per user are often met without issue. It is the follow on inevitable complexity and support that violates the nature and structure of our turn-key bandwidth controller. What is the point in adding complexity to a solution when the solution creates more work than the original problem?

See related article on the True Cost of Bandwidth Monitoring.

Posted in Commentary and Editorials, NAC. Tags: Active Directory, LDAP, Netequalizer, Radius. Leave a Comment »

Notes on the Complexity of Internet Billing Systems

March 18, 2011 — netequalizer

When using a product or service in business, it’s almost instinctive to think of ways to make it better. This is especially true when it’s a customer-centered application. For some, this thought process is just a habit. However, for others, it leads to innovation and new product development.

I recently experienced this type of stream of consciousness when working with network access control products and billing systems. Rather than just disregarding my conclusions, I decided to take a few notes on what could be changed for the better. These are just a few of the thoughts that came to mind.

The ideal product would:

Cost next to nothing
Auto-sense unique customer requirements
Suggest differentiators such as custom Web screens where customers could view their bill
Roll out the physical deployment bug free in any network topology

Up to this point, the closest products I’ve seen to fulfilling these tasks are from the turn-key vendors that supply systems en mass to hot-spot operators. The other alternative is to rely on custom-built systems. However, there are advantages and drawbacks to both options.

Turn-key Solutions

Let’s start with systems from the turn-key vendors. In short, these aren’t for everyone and only tend to be viable under certain circumstances, which include:

A large greenfield ISP installation — In this situation, the cost of development of the application should be small relative to the size of the customer base. Also, the business model needs some flexibility to work with the features of the billing and access design.
If you have plenty of time to troubleshoot your network — This translates into you having plenty of money allocated to troubleshooting and also realizing there will be several integrations and iterations in order to work out the kinks. This means you must have a realistic expectation for ongoing support (more on the this later). Projects go sour when vendor and customer assume the first iteration is all that’s needed. This is never true when doing even the most innocuous custom development.
If you are willing to take the vendors’ suggestions on equipment and the business process — Generally, the vendor you’re using provides some basic options for your billing and authentication. This may require you to adjust your business process to meet some existing models.

The upside to these turn-key solutions is that if you’re able to operate within these constraints, you can likely get something going at a great price and fairly quickly. But, unfortunately, if you waiver from the turn-key vendor system, your support and cost cycle will likely increase dramatically.

The Hidden Costs of Customization

If you don’t fit into the categories discussed above, you may start looking into custom-built systems to better suit your specific needs. While going the custom-built route will obviously add to your initial price, it’s also important to realize that the long-term costs may increase as well.

Many custom network access control projects start as a nice prototype, but then profit margins tend to drop and changes need to be made. The largest hidden cost from prototype to finished product is in handling error cases and boundary conditions. In addition to adding to the development costs, ongoing support will be required to cover these cases. In our experience, here are a few of the common issues that tend to develop:

Auditing and synchronization with customer databases — This is where your enforcement program (the feature that allows people on to your network) syncs up with your database. But, suppose you lose power and then come back up. How do you re-validate all of your customer ? Do you force them to re-login?
Capacity planning — In many cases, the test system did not account for the size of a growing system. At what point will you be forced to divide and tranisition to multiple authentications systems?
General “feature creep” — This occurs when changing customer expectations pressure the vendor to overrun a fixed-price bid. This in turn leads to shoddy work and more problems as the vendor tries to cut corners in order to hold onto some profit margin.

Conclusion

Based on this discussion, it’s clear that the perfect, one-time-fix NAC billing system may still only be in the minds of users. Therefore, it’s not a matter of trying to find the flawless solution but rather of taking your own needs into account while understanding the limitations of existing options. If you have a clear idea of what you need, as well as a reasonable expectation of what certain solutions can provide (and at what cost), the process of finding and implementing an NAC billing system will not only be more effective but also more painless.

Posted in Commentary and Editorials, NAC. Tags: internet billing systems. Leave a Comment »

NetEqualizer Bandwidth Shaping Solution: Hotels & Resorts

February 11, 2010 — netequalizer

In working with some of the world’s leading hotels and resorts, we’ve repeatedly heard the same issues and challenges facing network administrators. Here are just a few:

Download Hotels White Paper

We need to do more with less bandwidth.
We need a solution that’s low cost, low maintenance, and easy to set up.
We need to meet the expectations of our tech-savvy customers and prevent Internet congestion during times of peak usage.
We need a solution that can meet the demands of a constantly changing clientele. We need to offer tiered internet access for our hotel guests, and provide managed access for conference attendees.

In this article, we’ll talk about how the NetEqualizer has been used to solve these issues for many Hotels and Resorts around the world.

Download article (PDF) Hotels & Resorts White Paper

Read full article …

Posted in NAC, White Papers. Tags: bandwidth control, Bandwidth Shaping, hotel, internet congestion, Internet optimization, Network Access Control, resort. 1 Comment »

How to Implement Network Access Control and Authentication

August 19, 2009 — netequalizer

There are a number of basic ways an automated network access control (NAC) system can identify unauthorized users and keep them from accessing your network. However, there are pros and cons to using these different NAC methods. This article will discuss both the basic network access control principles and the different trade-offs each brings to the table, as well as explore some additional NAC considerations. Geared toward the Internet service provider, hotel operator, library, or other public portal operator who provides Internet service and wishes to control access, this discussion will give you some insight into what method might be best for your network.

The NAC Strategies

MAC Address

MAC addresses are unique to every computer connected to the network, and thus many NAC systems use them to grant or deny access. Since MAC addresses are unique, NAC systems can use them to identify an individual customer and grant them access.

While they can be effective, there are limitations to using MAC addresses for network access. For example, if a customer switches to a new computer in the system, it will not recognize them, as their MAC address will have changed. As a result, for mobile customer bases, MAC address authentication by itself is not viable.

Furthermore, on larger networks with centralized authentication, MAC addresses do not propagate beyond one network hop, hence MAC address authentication can only be done on smaller networks (no hops across routers). A work-around for this limit would be to use a distributed set of authentication points local to each segment. This would involve multiple NAC devices, which would automatically raise complexity with regard to synchronization. Your entire authentication database would need to be replicated on each NAC.

Finally, a common question when it comes to MAC addresses is whether or not they can be spoofed. In short, yes, they can, but it does require some sophistication and it is unlikely a normal user with the ability to do so would go through all the trouble to avoid paying an access charge. That is not to say it won’t happen, but rather that the risk of losing revenue is not worth the cost of combating the determined isolated user.

I mention this because some vendors will sell you features to combat spoofing and most likely it is not worth the incremental cost. If your authentication is set up by MAC address, the spoofer would have to also have the MAC address of a paying user in order to get in. Since there is no real pattern to MAC addresses, guessing another customer’s MAC address would be nearly impossible without inside knowledge.

IP Address

IP addresses allow a bit more flexibility than MAC addresses because IP addresses can span across a network segment separated by a router to a central location. Again, while this strategy can be effective, IP address authentication has the same issue as MAC addressing, as it does not allow a customer to switch computers, thus requiring that the customer use the same computer each time they log in. In theory, a customer could change the IP address should they switch computers, but this would be way too much of an administrative headache to explain when operating a consumer-based network.

In addition, IP addresses are easy to spoof and relatively easy to guess should a user be trying to steal another user’s identity. But, should two users log on with the same IP address at the same time, the ruse can quickly be tracked down. So, while plausible, it is a risky thing to do.

User ID Combined with MAC Address or IP Address

This methodology solves the portability issue found when using MAC addresses and IP addresses by themselves. With this strategy, the user authenticates their session with a user ID and password and the NAC module records their IP or MAC address for the duration of the session.

For a mobile consumer base, this is really the only practical way to enforce network access control. However, there is a caveat with this method. The NAC controller must expire a user session when there is a lack of activity. You can’t expect users to always log out from their network connection, so the session server (NAC) must take an educated guess as to when they are done. The ramification is that they must log back in again. This usually isn’t a major problem, but can simply be a hassle for users.

The good news is the inactivity timer can be extended to hours or even days, and should a customer login in on a different computer while current on a previous session, the NAC can sense this and terminate the old session automatically.

The authentication method currently used with the NetEqualizer is based on IP address and user ID/password, since it was designed for ISPs serving a transient customer base.

Other Important Considerations

NAC and Billing Systems

Many NAC solutions also integrate billing services. Overlooking the potential complexity and ballooning costs with a billing system has the potential to cut into efficiency and profits for both customer and vendor. Our philosophy is that a flat rate and simple billing are best.

To name a few examples, different customers may want time of day billing; billing by day, hour, month, or year; automated refunds; billing by speed of connections; billing by type of property (geographic location); or tax codes. It can obviously go from a simple idea to a complicated one in a hurry. While there’s nothing wrong with these requests, history has shown that costs can increase exponentially when maintaining a system and trying to meet these varied demands, once you get beyond simple flat rate.

Another thing to look out for with billing is integration with a credit card processor. Back-end integration for credit card processing takes some time and energy to validate. For example, the most common credit card authentication system in the US, Authorize.net, does not work unless you also have a US bank account. You may be tempted to shop your credit card billing processor based on fees, but if you plan on doing automated integration with a NAC system, it is best to make sure the CC authorization company provides automated tools to integrate with the computer system and your consulting firm accounts for this integration work.

Redirection Requirements

You cannot purchase and install a NAC system without some network analysis. Most NAC systems will re-direct unauthorized users to a Web page that allows them to sign up for the service. Although this seems relatively straight forward, there are some basic network features that need to be in place in order for this redirection to work correctly. The details involved go beyond the scope of this article, but you should expect to have a competent network administrator or consultant on hand in order to set this up correctly. To be safe, plan for eight to 40 hours of consulting time for troubleshooting and set-up above and beyond the cost of the equipment.

Network Access for Organizational Control

Thus far we have focused on the basic ways to restrict basic access to the Internet for a public provider. However, in a private or institutional environment where security and access to information are paramount, the NAC mission can change substantially. For example, in the Wikipedia article on network access control, a much broader mission is outlined than what a simple service provider would require. The article reads:

“Network Access Control aims to do exactly what the name implies—control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do.”

This paragraph was obviously written by a contributor that views NAC as a broad control technique reaching deep into a private network. Interestingly, there is an ongoing dispute on Wikipedia stating that this definition goes beyond the simpler idea of just granting access.

The rift on Wikipedia can be summarized as an argument over whether a NAC should be a simple gatekeeper for access to a network, with users having free rein to wander once in, or whether the NAC has responsibilities to protect various resources within the network once access is attained. Both camps are obviously correct, but it depends on the customer and type of business as to what type of NAC is required.

Therefore, in closing, the overarching message that emerges from this discussion is simply that implementing network access control requires an evaluation not only of the network setup, but also how the network will be used. Strategies that may work perfectly in certain circumstances can leave network administrators and users frustrated in other situations. However, with the right amount of foresight, network access control technologies can be implemented to facilitate the success of your network and the satisfaction of users rather than serving as an ongoing frustrating limitation.

Posted in Bandwidth Monitoring, Educational Articles, NAC. Tags: mac address spoofing, NAC, Netequalizer, Network Access Control, Network Authentication. 3 Comments »

What to Consider When Deploying Your Network Access Control

May 15, 2009 — netequalizer

The decision to deploy a Network Access Control (NAC) or Network Management system may seem simple at first, but many questions remain beyond realizing that initial need. There are a number of factors you should consider when determining what type of NAC is right for you and how it might be deployed, as some tradeoffs exist that will affect your business model depending on what you are trying to accomplish. The following tips, although technical in nature, break down the trade-offs with easy-to-understand explanations.

1) Identifying your users as fixed or mobile – With fixed users, apartment buildings and offices can usually rely on what is called a MAC address to identify which users have access to the network. The MAC address is the unique address that comes with every networking card and wireless card on a computer.

However, the downside of using MAC address authentication is that many users like to be able to change computers or allow guests to login from their own machines. The only practical way for an ISP to deploy a MAC authentication system is when the ISP is able to install customer premise equipment such as a cable modem. The modem and its MAC address act as a gateway to the apartment or office and can be authenticated or shut off if a customer does not pay their bill.

Another issue to consider is that many installations need to be more dynamic, since people like to take their laptops out of their office or apartment and into a common area. The same is true for hotels and similar environments. Although every user on your network has an IP address, they are not unique to that user and can easily be spoofed. So, this essentially leaves you with only one option: Login-based authentication.

2) Login-based authentication – Login-based authentication lasts for the duration of the session when a user is logged in. It is controlled by username and password and the user is given a temporary IP address for their session, making it unlikely, but not impossible, that a hacker can steal the session.

Yet, there are some things that must be considered with a login based user session. Here are a few other key considerations when using a login-based authentication:

3) Automatic log out? – You can’t expect users to always log out or tell you when they are finished accessing the network, so you must log them out after a period of inactivity. This is especially true when users are paying for a limited amount of access time, or when a user may be utilizing multiple computers. The easiest way to do this is to program the NAC to log users out after a set amount of time of inactivity.

4) How to bill – You must decide if a user account gets billed by the calendar regardless of whether they use it, or simply by login time. If you’re likely to have a steady stream of multiple users who will want to log on for short amounts of time – like in an airport or coffee shop – it may make more sense to charge by the hour rather than by the month.

5) Do you want to offer different levels of service? – Many providers offer users a few different options with varying speeds. So, for example, you may want to tier your service with bronze, gold, and platinum levels, with users paying more in order to get faster speeds. This allows users who may just want to check their e-mail to do so at a lower cost than the users who are looking to stream videos or update their podcasts.

6) Can an account have more than one simultaneous login? – For example, you could sell access under a single account to a group of people for a sales meeting or convention, which would allow multiple users to access the Internet at the same time from their individual computers. Supply and demand really come into play here, so you need to make sure to allocate enough bandwidth for the multiple users, but also not run the risk of impacting others on your network.

7) Making the most of your space – You may also want to sell marketing space on your login page, which you are able to customize. Say, if you’re a hotel, I’m sure the local pizza place would love to place an ad – especially if they take orders online. This gives you the option of supplementing your existing income from network subscribers with a steady stream of advertising revenue.

8) How much support do you provide? – Do you have a support center available to give refunds for people who miss a charge or can’t get service after purchasing? The ease with which this can be done often depends on the setup that you’re running. For example, in a hotel, support can simply be provided at the front desk. This is a decision that will obviously also be based on your past experience with your network access controller. If problems don’t usually come up, then having around-the-clock support most likely won’t be necessary.

9) Easy instant billing? – Again, this will likely depend on your individual setup and what your customers will want. If you wish to use credit card processing on the fly for a login, you’ll need a merchant account with a bank that supports online authentication. The vendor who you purchase your system from will also need to know how to work with this account. But, if you’re just providing access to groups that have planned access with you ahead of time, the instant online billing probably isn’t needed.

While you’re likely to come across additional questions once you’ve got your network access controller in place, these considerations simply illustrate a sampling of what issues you may want to take into account. As mentioned throughout, in most cases, a final decision will ultimately depend on how and why your NAC is being used. Of course, for many, this may change on a regular basis. Therefore, you don’t necessarily need to have exact plans set in stone before implementing your NAC, but rather simply choose an option that will allow some flexibility. What’s important is that you remain in control.

Posted in Educational Articles, NAC. Tags: control internet access, Internet Access, ISP, login authentication, mac authentication, mac redirection, network access, Network Access Control, network gateway, network login, network management system. 1 Comment »

Network Access Control Module Screenshots

January 12, 2009 — netequalizer

Step 1

Step 2

Step 3

Final Step

Posted in Bandwidth Monitoring, NAC. Tags: NetEqualizer NAC, NetEqualizer network access control. Leave a Comment »

Network Access Control lease plan now available from APconnections

January 5, 2009 — netequalizer

APconnections to Offer Managed Network Access Control with no upfront costs.

LAFAYETTE, Colo., January 6, 2009 — APconnections, a leading supplier
of plug-and-play bandwidth shaping products and the creator of the
NetEqualizer, today announced it would begin offering a network access
control management services with no upfront costs.

The services will be targeted toward networks that typically see a
high degree of turnover among users, such as airports, hotels, and
Internet cafes. For qualifying customers, APconnections will remotely
manage access to Internet connections, leaving clients free from the
worry of regulating and distributing short-term Internet service.

The suggested initial management package will offer users the option
of utilizing a complimentary 128 kbs connection or upgrading to a
high-speed 1-megabit connection for a fee. Upon accessing the network,
users will be directed to a billing page, which will offer the two
levels of service. The content of this page will largely be determined
by the client, including the option to display advertisements from
local vendors, providing the opportunity to further increase revenues.

In addition to clients no longer having to worry about regulating
Internet access, APconnections will also be responsible for all
billing and technical support. On a monthly basis, clients will be
provided with a statement showing income and network usage.

The only cost to clients will be a pre-determined percentage of the
income from customers’ high-speed upgrades. While this service can be
provided for customers with an existing ISP, Internet service can also
be established or expanded through APconnections directly for an
additional fee.

To qualify, clients must average a set number of monthly users. A
one-month trial of the service will be offered at no charge, at the
conclusion of which a service contract must be signed.

For more information, please contact APconnections at 1-888-287-2492
or via e-mail at admin@APconnections.net.

APconnections is a privately held company founded in 2003 and is based
in Lafayette, Colorado.
—
Art Reisman
www.apconnections.net
www.netequalizer.com
303-997-1300 extension 103
720-560-3568 cell

Posted in NAC, Press Releases. Tags: bandwidth shaper, managed internet access, NAC, Netequalizer, Network Access Control, network managed services, network management, Traffic Shaping. Leave a Comment »

NetEqualizer Network Access Control Module Helps Generate Revenue

December 6, 2008 — netequalizer

Background: The NetEqualizer network access control module (NAC), which was released this past September, allows users to re-direct “unknown” or “unauthorized” traffic to a web server hosted on the NetEqualizer. Once redirected, you can have the NetEqualizer perform a variety of actions, including:

1) Authenticating a user via login
2) Allowing the unknown user to create a paid account (using a credit card, for example)
3) Allowing the user to pass through to the Internet without logging in

Did you know that the NetEqualizer network access control module offers several options to generate revenue? One of the dilemmas many of our customers have mentioned is that in order to be competitive they don’t want to charge for their Internet service (hotels, etc.). Well, the cool thing about the NAC module is that you can offer multiple logins with different rate limits. For example, one could be your standard free service and another could be a paid service with higher bandwidth rates.

An additional revenue generating feature of the NAC module is the ability to run advertisements on the login screens. For example, if you’re a hotel operator, even if you’re not charging for Internet service, you could have your guests login on a screen with the logo and name of a local merchant, or anybody that is interested in cross marketing with your hotel.

The NAC module also has customizable splash screens on its default login page that you can edit, thus welcoming your users with whatever content you choose.

For more information about the NetEqualizer network access control module, visit our Web page at www.netequalizer.com or contact us at 1-888-287-2492 or via email at sales@netequalizer.com.

Posted in NAC, New Features. Tags: NAC, Netequalizer, Network Access Control. Leave a Comment »

Network Access Control Features Redirection for Delinquent Customers

October 6, 2008 — netequalizer

What should an Internet service provider do to customers who are late with their payment? If you simply block the user completely at your firewall, you will likely generate a costly call to your support engineering. But, there are other options…

A better way to collect payment without creating support calls is to redirect the delinquent user to a splash screen informing them they need to pay their bill. Obviously a customer won’t call unless they are ready to pay, hence no costly call to support engineering. For the suggested redirection capability, you do not need a fully automated network access control system (requiring a login and credit card payment), but you do need a way to redirect delinquent customers to a Web page telling them to pay their outstanding bill.

With our latest version that is available now, we can set up IP redirection to a custom web page for a nominal support charge.

Note: We now host the redirection page right on your NetEqualizer, so there is no need for another third party server.

Call us if you are interested: 303-997-1300
www.netequalizer.com

Posted in NAC, New Features. Tags: bandwidth control, firewall redirection, ISP collections, Netequalizer, Network Access Control, Traffic Shaping. 1 Comment »

Update: NetEqualizer Access Control Module Running Live at Portola Hotel & Spa

September 16, 2008 — netequalizer

Well, we did it. The new NetEqualizer access control module is now up and running at the Portola Hotel and Spa in Monterey, California. Of course, we wanted to be there for the maiden voyage.

We retrofitted one of the existing NetEqualzier bandwidth controllers at the Portola Hotel with our network access controller and have been live in their lobby areas without an issue going on 36 hours now.

According to Phillip Pennington of Portola Plaza’s IT department, he was not surprised with the results as our NetEqualizer products (they have four of them) have worked flawlessly throughout the complex since being installed 18 months ago.

We have just a few minor customizations to make for their billing needs, and plan to bring up the rest of the hotel in January 2009.

If you were waiting for our latest release with our NAC, now is a good time to call.

The price for any trials next month will start at $2500 and include two hours of consulting.

Note: Customers will need some HTML experience to customize their text pages. Customers will also need to meet basic network configurations to be eligible. Contact us for details at 303-997-1300 or see our Web page for more information.

Portola Plaza Personalized Welcome Screen

Returning Users Sign In Screen

Posted in NAC, Testimonials. Tags: NAC, Network Access Control. Leave a Comment »

NetEqualizer Network Access Control Rollout

September 14, 2008 — netequalizer

After several months in development, the NetEqualizer network access control module is now available for trial.

The basic features of the Module are what you would expect (think airport T Mobile daily access etc):

1) The ability to dynamically authenticate/restrict users through a login process.

2) Automated payment processing for users who do not have a login.

3) The ability to selectively exempt an IP range from authentication redirection server. For example well known IP addresses on your network will not be forced to login, while other open IP address ranges (guest network) will require a login to obtain access.

4) The ability to custom brand login pages and redirection service

Plus a couple of new twists that go above and beyond normal Network Authentication products:

1) Class of Service Specification When Customers Sign Up

For example, you will be able to offer customers a free standard service at modem speed with an option to pay for an upgrade for a faster connection. We have been playing with this feature at the office with our test system and the option to upgrade is very compelling. This could be a great way to increase revenue for those who might otherwise not log on at all if asked to purchase up front. Of course, this is made possible because the network access control is hosted by our NetEqualizer platform with full access to rate limiting features.

2) Group Licenses

This was one of the main requests from Portola Plaza Hotel (our beta site). They wanted to know if we could offer a system that allowed them to sell a group license (limited by total simultaneous sessions) to conference attendees. The other part of the challenge was to maintain a pay as you go option for individual hotel guests at the same time. Well, we have all that in there and it really is pretty impressive!

3) Smooth Service

For those hotels and institutions that have not been able to pull the trigger on something to eliminate their busy hour congestion, they will get the full power of our automated bandwidth controller. Many hotels and institutions have too many irons in the fire to address this issue, and perhaps their management cannot quantify the cost of slow Internet service, so they just live with it. These same institutions love to implement pay for internet service because that feature is clear-cut revenue generating device. So, now they will get both — revenue and smoother service for their paying customers all in one swoop!

4) Reliable Engineering

As many of our customers already know, we are an engineering company that developed a product, not an investor with a business plan that hired an engineering company. What this means is that our roots are conservative and we are in no hurry to put a solution on the market that will cause customers headaches as a result of some greedy business plan and offshore engineering. We do the work here in the U.S. and pay our engineers salaries of U.S. quality. The end result is a smoother process from start to finish. In addition, we are very conservative with our roll out and will not sell more than we can support at one time.

Needless to say, we were very excited to see the control module in action. It’s been even better to see that the months of research and development have paid off. For more information about the NetEqualizer network access control module, please visit our Web site at www.netequalizer.com.

Posted in NAC, New Features. Tags: Hot spot controller, Hotel IT products, Internet Class of service, NAC, Netequalizer, Network Access Control, Network Authentication, restrict network access. Leave a Comment »

NetEqualizer News Blog

Follow NetEq Blog

Categories

Keyword Search

Pages

Recent Posts

Network User Authentication Using Heuristics

Integrating NetEqualizer with Active Directory

Notes on the Complexity of Internet Billing Systems

NetEqualizer Bandwidth Shaping Solution: Hotels & Resorts

How to Implement Network Access Control and Authentication

The NAC Strategies

Other Important Considerations

Network Access Control Module Screenshots

Network Access Control lease plan now available from APconnections

NetEqualizer Network Access Control Module Helps Generate Revenue

Network Access Control Features Redirection for Delinquent Customers

Update: NetEqualizer Access Control Module Running Live at Portola Hotel & Spa

NetEqualizer Network Access Control Rollout

See for yourself.

If you like our articles, you can talk to our authors!

Archives

Top Posts

Follow NetEq Blog

Categories

Keyword Search

Pages

Recent Posts

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

The NAC Strategies

Other Important Considerations

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

See for yourself.

If you like our articles, you can talk to our authors!

Archives

Top Posts