Enterasys Networks CSX7000 Manuel d'utilisateur Page 161

  • Télécharger
  • Ajouter à mon manuel
  • Imprimer
  • Page
    / 729
  • Table des matières
  • MARQUE LIVRES
  • Noté. / 5. Basé sur avis des utilisateurs
Vue de la page 160
S
ECURITY
O
VERVIEW
OVERVIEW
Security is an important issue to consider when you are setting up a network. The CyberSWITCH
provides several security options, and this chapter describes the “Big Picture” of how these options
work and interoperate. This information will better equip you to proceed with the following phases
of security configuration:
1. configuring the level of security
2. configuring system options and information
3. configuring device level databases
4. configuring user level databases
5. configuring off-node server information
6. configuring network login information
These phases of security configuration are described in detail in the following chapters.
SECURITY LEVEL
The first phase of security configuration is selecting the type of security for your network. The
CyberSWITCH offers the following options for Network Security: no security, device level security,
user level security, or device and user level security.
If you opt to use no security, for example with a bridged network, no further security configuration
is required. No database is needed for this option.
Device level security is an authentication process between internetworking devices. Authentication
happens automatically without any human intervention. The devices authenticate each other using
a specific authentication protocol, based on preconfigured information. Both bridges and routers
support device level security.
If you select device level security for your network, you may specify to use the on-node database,
Connection Services Manager (CSM), or RADIUS for the authentication database.
User level security is an authentication process between a specific user and a device. In contrast to
the device level security, this authentication process is performed interactively. Interactive user
security may use security token cards. Token cards are credit card-sized devices. The system
supports a security token card called SecurID, provided by Security Dynamics.
The SecurID card works on a “passcode” concept, which consists of three factors:
•the users name
the user’s password
a dynamically-generated value (from the SecurID card)
If you select user level security for your network, you may specify to use RADIUS (with limited
capabilities), TACACS, or ACE server.
Vue de la page 160
1 2 ... 156 157 158 159 160 161 162 163 164 165 166 ... 728 729

Commentaires sur ces manuels

Pas de commentaire