Defining Authentication


Authentication is a means to enforce a policy of who can access your network devices and who can access certain network services that traverse your security appliance, such as web, Telnet, and FTP. You can enforce authentication on both inbound and outbound users. When a user is authenticated, it means that the user has presented valid credentials, such as a username and password, and should therefore be granted access to the requested service or device.

In today's Internet environment, you see authentication frequently. Two common examples of authentication are when users access their e-mail account and when users attempt to access a website for financial transactions. In both cases, users are prompted for both a username and a password. Whenever critical data is to be accessed, it's considered a best practice to authenticate users before granting them access. Similarly, whenever a critical device is to be accessed, it's considered a best practice to authenticate users before granting them access. The ASA/PIX Security Appliance is one such crucial device that, if compromised by an attacker, can be used to weaken the security of your entire network.

The ASA/PIX Security Appliance also supports a related function called authorization, which defines what users can do after they have successfully authenticated to a system. For example, if you have someone in your organization to whom you want to give access to the security appliance, but you want him to be able only to monitor syslog output, you can configure the ASA/PIX Security Appliance to meet this requirement.

The ASA/PIX Security Appliance also supports AAA accounting, which logs user activity on the security appliance, including device logon information, authentication start and stop events, elapsed time on the device, and commands that were entered after someone authenticated to the device. AAA accounting is supported with both the TACACS+ and RADIUS protocols.

In this book, you learn to store all usernames and passwords locally on the ASA/PIX Security Appliance. You can, however, use the Cisco Access Control Server (Cisco ACS) instead of the local ASA/PIX database. The Cisco ACS gives you the flexibility to authenticate against the following:

  • A one-time password authentication server

  • A Microsoft domain controller

  • An LDAP server

  • A TACACS+ database

  • A RADIUS database
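The following configuration fragment is an added illustration, not taken from the book, of how the three AAA pieces described above fit together on an ASA (7.x-style CLI): local authentication for device access and for web traffic passing through the appliance, command authorization that confines one account to viewing logging, and accounting sent to a TACACS+ server. The interface name, network addresses, server address, user name, password and shared key are all assumed placeholders.

```cisco
! --- Authentication: local user database on the appliance ---
! Low-privilege operator who should only be able to look at syslog settings
username syslogmon password <PLACEHOLDER-PASSWORD> privilege 3
! Administrator with full rights
username admin password <PLACEHOLDER-PASSWORD> privilege 15
! Require a local login for SSH management sessions and for enable mode
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL

! Cut-through proxy: users on the inside must authenticate before
! HTTP sessions through the appliance are permitted (assumed addresses)
access-list AUTH_WEB extended permit tcp 10.0.0.0 255.255.255.0 any eq www
aaa authentication match AUTH_WEB inside LOCAL

! --- Authorization: what a user may do after logging in ---
! Lower "show logging" to privilege 3 so syslogmon can run it,
! while every other command stays at its default (higher) level
privilege show level 3 command logging
aaa authorization command LOCAL

! --- Accounting: record sessions and commands on a TACACS+ server ---
aaa-server TACACS protocol tacacs+
aaa-server TACACS (inside) host 10.0.0.5
 key <PLACEHOLDER-SHARED-KEY>
aaa accounting ssh console TACACS
aaa accounting enable console TACACS
aaa accounting command TACACS
```

With this in place, a login as syslogmon over SSH succeeds, but a command above privilege 3 is rejected by command authorization, and both the session and each command are reported to the TACACS+ server.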



Securing Your Business with Cisco ASA and PIX Firewalls
ISBN: 1587052148
Year: 2006
Pages: 120
Authors: Greg Abelar