Frequently Asked Questions


The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the concepts presented in this chapter and to assist you with real-life implementation of these concepts. To have your questions about this chapter answered by the author, browse to www.syngress.com/solutions and click on the Ask the Author form. You will also gain access to thousands of other FAQs at ITFAQnet.com.

1. I don't want to use a single-phase authentication scheme. What are my options?


2. I am using external authentication schemes, and it seems redundant to have to define all my users in FireWall-1. How can I get around this?


3. With user authentication, how can I authenticate users transparently?


4. If session authentication is supposed to be transparent, why is the user prompted for a username and password?


5. I'm using User Auth in the rule base, so why do my users keep getting prompted for authentication over and over again in their Web browsers?


Answers

1. You may want to consider using SecurID. Outfitting your users with SecurID tags will simplify their authentication process, while still providing a dual-phased authentication approach. Other vendors developing tokens include Secure Computing and Aladdin.

2. In earlier versions you would create a default user, called generic*. This avoids the requirement of creating all users locally as well as externally. Now in NG AI, you can use the External User Profiles option.

3. Transparent user authentication requires that the username and password on the target server and the firewall be identical. When this is the case, the firewall can intercept the authentication attempt before it reaches the target server, authenticate the user itself, and then pass the connection on to the target server without prompting the user again, since the credentials are the same.

4. Transparent, in this case, refers to the perspective of the target server. Since session authentication allows a direct connection between the user and the target server, assuming that connection is allowed, the connection is said to be transparent.

5. Configure your users' Web browsers to point to the firewall as a proxy server for HTTP connections or change the User Auth properties in the rule to All Servers.




Check Point NG[s]AI
ISBN: 735623015
EAN: N/A
Year: 2004
Pages: 149
