Table of Contents
Advertisement
Secure Switch Management
Secure switch management is needed for environments that perform significant management
functions across the Internet. The following are some of the functions for secured manage-
ment:
n
Authentication of remote administrators
Authentication is the action of determining and verifying who the administrator is; it usu-
ally involves a name and a password. The password can be either a fixed password or a
challenge-response query.
n
Authorization of remote administrators
Once an administrator has been authenticated, authorization is the action of determining
what that user is allowed to do. Authorization does not merely provide yes or no answers
but may also customize the service for a particular administrator.
n
Encryption of management information exchanged between the remote administrator and
the switch
Examples of protocols to encrypt management information are SSH (Secure Shell) and
SCP (Secure Copy).
Authentication and Authorization
N
OTE
authenticate remote dial-up users (in addition to authorizing remote access capabilities to
users), this overview is focused on using the AA model to authenticate and authorize remote
administrators for managing a switch.
The AA model is based on a client/server model. The Remote Access Server (RAS)—the
switch—is a client to the back-end database server. A remote user (the remote administrator)
interacts only with the RAS, not the back-end server and database.
Two prominent AA protocols used to control dial-up access into networks are Cisco's
TACACS+ (Terminal Access Controller Access Control System) and Livingston Enterprise's
RADIUS (Remote Authentication Dial-In User Service). Web OS supports only the RADIUS
authentication method.
212777-A, February 2002
–
While authentication and authorization (AA) protocols and servers are designed to
Web OS 10.0 Application Guide
Chapter 5: Secure Switch Management
n
101
Advertisement
Table of Contents
