Praetorian Q&A

April 26, 2007 on 10:39 pm | In Praetorian

Q:

Praetorian; what does it REALLY do?

A:

Let’s say you have a wireless network. It may be one little Airport Router, ten routers linked together, or any given number. You want to secure it, so people can’t just effortlessly go on your network.

The options are clear; however, for most Mac users, some options aren’t touched on. We all know WEP and WPA security for wireless networks. This can be inconvenient; a password that’s often random and has no other association doesn’t get remembered well. You can filter on hardware (MAC) addresses, but if you have more than one router, this will be a pain to maintain.
RADIUS, a server for authentication, can consolidate your list of allowed addresses, keep network login information in a certificate or a more logical username and password combination.

Praetorian isn’t RADIUS – Praetorian functions as your interface to RADIUS, and makes it effortless to set up and harness. Let’s say you have an open network with 7 Macs (or PC’s) that get each get online at least once each week. You can let Praetorian scan the addresses of the computers and add them to the list of allowed users before applying the new security scheme. If the network is under attack, or is overwhelmed by an infected PC, simply lock down the network. You can schedule certain policies for certain times. Praetorian makes it easy, and affordable.

Q:

You confused me. What does it DO?

A:

It makes it easy to secure your network without having the router or Airport doing all the securing, giving control to you. And it’s easy enough for anyone to use. It’s also built on open-source software with open and strict standards for security, in line with the base of OS X.

Q:

Does Praetorian have anything to do with FON?

A:

No. I have gotten quite a number of emails regarding this, for reasons beyond my imagination.

Q:

You mentioned special Airport support. I don’t have an Airport router, but (Brand XYZ). Now what?

A:

Although Airport setup goes with an assistant, other routers have their own setup assistant, with guides for some routers. I hope to expand the list with concise how-to’s, and a list of hardware that support RADIUS.

Q:

How do I know if my router is eligible at all?

A:

Check under the ‘Wireless Security’ settings (or security) of your router’s web interface (check the manual) and see if there are options for “WPA2 Enterprise”, “802.1X”, or “RADIUS”.

Q:

What distribution of RADIUS does Praetorian support?

A:

FreeRADIUS by defalt, any distribution supporting the RadDB format (users file and clients file), and if demand is enough, LDAP and SQL backend support are possibilities.

Q:

Is Praetorian a single-window application?

A:

No, it’s not;

But it’s main workflow is situated in a single window, where a toolbar element is used for navigation.

Q:

RADIUS is supposed to be followed by DIAMETER, using TCP transport (or SCTP) and generally improving upon the feature-base of RADIUS. Are there any plans to support DIAMETER?

A:

Conclusively; yes. Absolutely. Since Apple plans to also support RADIUS out of the box with OS X Server 10.5, Praetorian will be on it’s heels with DIAMETER support by the time Leopard comes out.

Q:

How does Praetorian scan my network?

A:

Praetorian uses very fast ARP scanning. Yes, it will scan without all the rest of the ’securing’ bit. But the scanner tool built into Praetorian is integrated with the application’s main functionality.

Q:

Are Fortitude and Praetorian related projects?

A:

They will have integration.