SECURITY OVERVIEW
OVERVIEW
Security is an important issue to consider when you are setting up a network. The CyberSWITCH
provides several security options, and this chapter describes the “Big Picture” of how these options
work and interoperate. This information will better equip you to proceed with the following phases
of security configuration:
1. configuring the level of security
2. configuring system options and information
3. configuring device level databases
4. configuring user level databases
5. configuring off-node server information
6. configuring network login information
These phases of security configuration are described in detail in the following chapters.
SECURITY LEVEL
The first phase of security configuration is selecting the type of security for your network. The
CyberSWITCH offers the following options for Network Security: no security, device level security,
user level security, or device and user level security.
If you opt to use no security, for example with a bridged network, no further security configuration
is required. No database is needed for this option.
Device level security is an authentication process between internetworking devices. Authentication
happens automatically without any human intervention. The devices authenticate each other using
a specific authentication protocol, based on preconfigured information. Both bridges and routers
support device level security.
If you select device level security for your network, you may specify the on-node database,
Connection Services Manager (CSM), or RADIUS as the authentication database.
User level security is an authentication process between a specific user and a device. In contrast to
device level security, this authentication process is performed interactively. Interactive user
security may use security token cards. Token cards are credit card-sized devices. The system
supports a security token card called SecurID, provided by Security Dynamics.
The SecurID card works on a “passcode” concept, which consists of three factors:
• the user’s name
• the user’s password
• a dynamically-generated value (from the SecurID card)
If you select user level security for your network, you may specify the use of RADIUS (with limited
capabilities), TACACS, or an ACE server.