easter-stephens
© 2005,2006 NeoAccel Inc.
Partners Presentation
Authentication & Access Control
Definitions
Authentication:
• is the act of establishing or confirming something (or someone) as authentic.
• a way to ensure users are who they say they are.
• to ascertain that the user who attempts to perform functions in a system is in fact the user who is authorized to do so.
Authorization:
• is the process of verifying that a known person has the authority to perform a certain operation.
• Authentication, therefore, must precede authorization.
Access Control:
• Granting those privileges as may be authorized to a user.
Users & Groups
[Diagram: Users 1 to 5 and the groups Engineering, Management and Accounts]
Authentication Techniques
Local Database
• Our own database of users & groups
RADIUS (Remote Authentication Dial In User Service)
• is an AAA (Authentication, Authorization & Accounting) protocol.
LDAP (Lightweight Directory Access Protocol)
• is a networking protocol for querying and modifying directory services running over TCP/IP.
AD (Active Directory)
• is an implementation of LDAP directory services by Microsoft for use in Windows environments.
Group Extraction (for external authentication servers)
NeoAccel - Authentication
Adding a new Authentication Server
Configuring Radius Server
Configuring AD Server
Configuring LDAP Server
Authenticating using these servers
Selecting Authentication Servers
Configuring Users
Access Control Policies (ACL)
ACLs can be based on:
• Protocol (TCP / UDP / IP / ICMP / FTP / HTTP / HTTPS / SSH)
• Source machine, specified by its IP (IP range, subnet or specific IP) or port (specific port or port range)
• Destination machine, specified by its IP (IP range, subnet or specific IP) or port (specific port or port range)
• Source MAC address (of its physical network card)
• Packet time (based on time, date or day), which can be applied periodically or for a specific period of time
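The criteria listed above, combined into one rule evaluator. This is an added example and not NeoAccel code: the Rule and Packet field names are hypothetical, the policy is constructed, and first-match-wins with default deny is an assumption (the slides do not state the evaluation order). Source-port matching is left out to keep the example short.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

@dataclass
class Rule:                                      # hypothetical rule model; None = match anything
    action: str                                  # "allow" or "deny"
    protocol: Optional[str] = None
    src_net: Optional[str] = None                # subnet, or a single IP as /32
    dst_net: Optional[str] = None
    dst_ports: Optional[Tuple[int, int]] = None  # inclusive range; (22, 22) = one port
    src_mac: Optional[str] = None
    days: Optional[Tuple[int, ...]] = None       # 0 = Monday ... 6 = Sunday
    hours: Optional[Tuple[time, time]] = None    # daily window, start <= t < end

@dataclass
class Packet:
    protocol: str
    src_ip: str
    dst_ip: str
    dst_port: int
    src_mac: str
    when: datetime

def matches(r: Rule, p: Packet) -> bool:
    """A rule matches only if every criterion it sets matches the packet."""
    return all([
        r.protocol is None or r.protocol.upper() == p.protocol.upper(),
        r.src_net is None or ip_address(p.src_ip) in ip_network(r.src_net),
        r.dst_net is None or ip_address(p.dst_ip) in ip_network(r.dst_net),
        r.dst_ports is None or r.dst_ports[0] <= p.dst_port <= r.dst_ports[1],
        r.src_mac is None or r.src_mac.lower() == p.src_mac.lower(),
        r.days is None or p.when.weekday() in r.days,
        r.hours is None or r.hours[0] <= p.when.time() < r.hours[1],
    ])

def evaluate(rules, p: Packet) -> str:
    """First matching rule decides; default deny (both are assumptions of this sketch)."""
    for r in rules:
        if matches(r, p):
            return r.action
    return "deny"

# Constructed policy: block one MAC outright, else allow SSH in office hours only.
POLICY = [
    Rule("deny", src_mac="00:11:22:33:44:55"),
    Rule("allow", "TCP", "192.168.10.0/24", "10.0.5.0/24", (22, 22),
         days=(0, 1, 2, 3, 4), hours=(time(9), time(18))),
]
```

A source MAC address is only visible for clients on the same layer-2 segment and can be changed by the client, so a MAC criterion narrows a rule but does not identify a user.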
Configuring ACLs
Thank You