This chapter covers the following topics:
- Basic Foundation Identity Concepts
- Types of Identity
- Factors in Identity
- Role of Identity in Secure Networking
- Identity Technology Guidelines
- Identity Deployment Recommendations
A good name is better than precious ointment.
Ecclesiastes, 7:1
"Must a name mean something?" Alice asked doubtfully.
"Of course it must," Humpty Dumpty said with a short laugh: "my name means the shape I am, and a good handsome shape it is, too. With a name like yours, you might be any shape, almost."
Lewis Carroll, Through the Looking-Glass, 1872
Identity is a foundation technology in secure networking. It, more than any other technology, interfaces directly with the network's users. But as you'll learn in this chapter, identity isn't always just about users; sometimes network or device identity is needed. As you learned in Chapter 4, "Network Security Technologies," there are many identity "technologies" such as username/password, digital certificates, RADIUS/TACACS+, and so on. This chapter discusses some additional forms of identity and some common deployments and design considerations around identity in the network.
Identity touches almost all aspects of secure networking in some form or another. In keeping with this, other chapters in the book also discuss identity components when appropriate. Specifically, Chapter 10, "IPsec VPN Design Considerations," and Chapter 11, "Supporting-Technology Design Considerations," have identity discussions particular to virtual private networks (VPNs) and wireless LANs (WLANs).
This chapter focuses on some of the foundation identity concepts and technologies that span most of the identity space.