© 2005,2006 NeoAccel Inc. Partners Presentation Authentication & Access Control.
© 2005,2006 NeoAccel Inc.
Partners Presentation
Authentication & Access Control
Definitions
Authentication:
• is the act of establishing or confirming something (or someone) as authentic.
• a way to ensure users are who they say they are.
• to ascertain that the user who attempts to perform functions in a system is in fact the user who is authorized to do so.
Authorization:
• is the process of verifying that a known person has the authority to perform a certain operation.
• Authentication, therefore, must precede authorization.
Access Control:
• Granting those privileges as may be authorized to a user.
Users & Groups
[Diagram: users (User 1 to User 5) and the groups Engineering, Management and Accounts]
Authentication Techniques
Local Database
• Our own database of users & groups
RADIUS (Remote Authentication Dial In User Service)
• is an AAA (Authentication, Authorization & Accounting) protocol.
LDAP (Lightweight Directory Access Protocol)
• is a networking protocol for querying and modifying directory services running over TCP/IP.
AD (Active Directory)
• is an implementation of LDAP directory services by Microsoft for use in Windows environments.
Group Extraction (for external authentication servers)
NeoAccel - Authentication
Adding a new Authentication Server
Configuring RADIUS Server
Configuring AD Server
Configuring LDAP Server
Authenticating using these servers
Selecting Authentication Servers
Configuring Users
Access Control Policies (ACL)
There can be ACLs based on:
• Protocol (TCP / UDP / IP / ICMP / FTP / HTTP / HTTPS / SSH)
• Source Machine specified by its IP (IP range, subnet or specific IP) or Port (specific port or port range)
• Destination Machine specified by its IP (IP range, subnet or specific IP) or Port (specific port or port range)
• Source MAC Address (of its physical network card)
• Packet Time (based on time, date or day), which can be applied periodically or for a specific period of time
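The criteria listed above, combined into a single rule evaluator. This is an added example, not NeoAccel's code or configuration format: the Rule layout, the first-match ordering and the default-deny fallback are assumptions, and all addresses are constructed sample values.

```python
import ipaddress
from collections import namedtuple
from datetime import datetime, time

# Hypothetical rule layout: every field after "action" is optional, None means "any".
# days = weekday numbers (Monday = 0); hours = (start, end) same-day window, end exclusive.
Rule = namedtuple("Rule", "action protocol src_ip src_port dst_ip dst_port src_mac days hours",
                  defaults=(None,) * 8)

def ip_match(spec, ip):
    # spec is a specific IP, a CIDR subnet, or a "low-high" IP range
    if spec is None:
        return True
    addr = ipaddress.ip_address(ip)
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(part.strip()) for part in spec.split("-"))
        return lo <= addr <= hi
    return addr in ipaddress.ip_network(spec, strict=False)

def port_match(spec, port):
    # spec is a specific port or an inclusive (low, high) port range
    if spec is None:
        return True
    lo, hi = spec if isinstance(spec, tuple) else (spec, spec)
    return lo <= port <= hi

def matches(r, p):
    # A rule matches only if every criterion it sets agrees with the packet.
    return ((r.protocol is None or r.protocol == p["protocol"])
            and ip_match(r.src_ip, p["src_ip"])
            and port_match(r.src_port, p["src_port"])
            and ip_match(r.dst_ip, p["dst_ip"])
            and port_match(r.dst_port, p["dst_port"])
            and (r.src_mac is None or r.src_mac.lower() == p["src_mac"].lower())
            and (r.days is None or p["time"].weekday() in r.days)
            and (r.hours is None or r.hours[0] <= p["time"].time() < r.hours[1]))

def evaluate(rules, packet):
    # Assumed semantics: the first matching rule wins; no match means deny.
    return next((r.action for r in rules if matches(r, packet)), "deny")

# Constructed sample policy: block one MAC, then allow SSH on weekdays 09:00-18:00.
RULES = [
    Rule("deny", src_mac="00:11:22:33:44:55"),
    Rule("allow", "TCP", src_ip="10.1.0.0/16", dst_ip="192.0.2.10-192.0.2.20",
         dst_port=22, days=(0, 1, 2, 3, 4), hours=(time(9), time(18))),
]
PACKET = {"protocol": "TCP", "src_ip": "10.1.4.7", "src_port": 50522, "dst_ip": "192.0.2.15",
          "dst_port": 22, "src_mac": "AA:BB:CC:00:00:01", "time": datetime(2006, 3, 6, 10, 30)}
```

Because the source MAC is asserted by the sender's own network card, a MAC criterion is better used to narrow an allow rule than as the only condition granting access.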
Configuring ACLs
Thank You