Summary

Authenticating users in a reliable, consistent, yet straightforward manner is key to the success of your security policy. No matter how secure the rest of your policy is, without the power of controlling who is authorized to access your network, you will not have succeeded in securing your environment.

The various authentication schemes we discussed provide you with different ways of challenging users for their credentials, providing the firewall with a means of determining if they are who they say they are. Some of the schemes are very simple, such as FW-1 password, which simply requires a username and password for successful authentication. Others, such as SecurID, present more elaborate challenges to the user before granting access.

Schemes can also be divided into internal and external. Internal authentication schemes, such as FW-1 password, are based entirely within FW-1; they do not interact with any external servers to provide their services. In contrast, external authentication schemes, such as RADIUS or TACACS, query servers outside the firewall to obtain the information they require to authenticate users.

To use these authentication schemes, you must create a database of users. This can be done within FW-1, as we discussed when we looked at the FW-1 user manager, or you may choose to integrate FW-1 with an LDAP server. Using LDAP to integrate an external database of users is especially useful in cases where other components of your network also require access to the user database.

FW-1 provides three types of authentication: user, client, and session. User authentication authenticates users transparently for HTTP, HTTPS, FTP, telnet, and rlogin. Client authentication is more flexible, since it works for all services, but it is not necessarily transparent: users must manually authenticate via telnet or HTTP before they are granted access. Session authentication also works for all services and is transparent, but it requires an extra piece of software on the client's end, the session authentication agent. Single Sign-On is also available from Check Point with its UserAuthority software, but it is not covered within this book.

Now that you are familiar with all of FW-1's authentication schemes, user-management functions, and authentication types, you will be able to ensure that authorized users have straightforward access to your network, while protecting your environment from the rest of the Internet.

Check Point NG[s]AI
ISBN: 735623015
Year: 2004
Pages: 149