Chapter 8. User Authentication
This chapter describes how NetDefendOS implements user authentication.
• Overview, page 361
• Authentication Setup, page 363
• Customizing HTML Pages, page 379
8.1. Overview
In situations where individual users connect to protected resources through the NetDefend Firewall,
the administrator will often require that each user goes through a process of authentication before
access is allowed.
This chapter deals with setting up authentication for NetDefendOS but first the general issues
involved in authentication will be examined.
Proving Identity
The aim of authentication is to have the user prove their identity so that the network administrator
can allow or deny access to resources based on that identity. Possible types of proof could be:
A. Something the user is. Unique attributes that are different for every person, such as a fingerprint.
B. Something the user has, such a passcard, a X.507 Digital Certificate or Public and Private Keys.
C. Something the user knows such as a password.
Method A may require a special piece of equipment such as a biometric reader. Another problem
with A is that the special attribute often cannot be replaced if it is lost.
Methods B and C are therefore the most common means of identification in network security.
However, these have drawbacks: keys might be intercepted, passcards might be stolen, passwords
might be guessable, or people may simply be bad at keeping a secret. Methods B and C are therefore
sometimes combined, for example in a passcard that requires a password or pincode for use.
Making Use of Username/Password Combinations
This chapter deals specifically with user authentication performed with username/password
combinations that are manually entered by a user attempting to gain access to resources. Access to
the external public Internet through a NetDefend Firewall by internal clients using the HTTP
protocol is an example of this.
In using this approach, username/password pairs are often the subject of attacks using guesswork or
systematic automated attempts. To counter this, any password should be carefully chosen. Ideally it
should:
•
Be more than 8 characters with no repeats.
•
Use random character sequences not commonly found in phrases.
•
Contain both lower and upper case alphabetic characters.
•
Contain both digits and special characters.
361
Summary of Contents for DFL-1600 - Security Appliance
Page 27: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 27 ...
Page 79: ...2 7 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 79 ...
Page 146: ...3 9 DNS Chapter 3 Fundamentals 146 ...
Page 227: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 227 ...
Page 241: ...5 4 IP Pools Chapter 5 DHCP Services 241 ...
Page 339: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 339 ...
Page 360: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 360 ...
Page 382: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 382 ...
Page 386: ... The TLS ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 386 ...
Page 439: ...Figure 9 3 PPTP Client Usage 9 5 4 PPTP L2TP Clients Chapter 9 VPN 439 ...
Page 450: ...9 7 6 Specific Symptoms Chapter 9 VPN 450 ...
Page 488: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 488 ...
Page 503: ...11 6 HA Advanced Settings Chapter 11 High Availability 503 ...
Page 510: ...12 3 5 Limitations Chapter 12 ZoneDefense 510 ...
Page 533: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 533 ...