User Authentication; Overview - D-Link DFL-1660 User Manual
Network security firewall
Hide thumbs
Also See for DFL-1660:
- User manual (483 pages) ,
- Installation manual (45 pages) ,
- Reference manual (948 pages)
Table of Contents
Advertisement
Chapter 8. User Authentication
This chapter describes how NetDefendOS implements user authentication.
• Overview, page 391
• Authentication Setup, page 393
• Customizing Authentication HTML Pages, page 410
8.1. Overview
In situations where individual users connect to protected resources through the NetDefend Firewall,
the administrator will often require that each user goes through a process of authentication before
access is allowed.
This chapter deals with setting up authentication for NetDefendOS but first the general issues
involved in authentication will be examined.
Proving Identity
The aim of authentication is to have the user prove their identity so that the network administrator
can allow or deny access to resources based on that identity. Possible types of proof could be:
A. Something the user is. Unique attributes that are different for every person, such as a fingerprint.
B. Something the user has, such a passcard, a X.509 Digital Certificate or Public and Private Keys.
C. Something the user knows such as a password.
Method A may require a special piece of equipment such as a biometric reader. Another problem
with A is that the special attribute often cannot be replaced if it is lost.
Methods B and C are therefore the most common means of identification in network security.
However, these have drawbacks: keys might be intercepted, passcards might be stolen, passwords
might be guessable, or people may simply be bad at keeping a secret. Methods B and C are therefore
sometimes combined, for example in a passcard that requires a password or pincode for use.
Making Use of Username/Password Combinations
This chapter deals specifically with user authentication performed with username/password
combinations that are manually entered by a user attempting to gain access to resources. Access to
the external public Internet through a NetDefend Firewall by internal clients using the HTTP
protocol is an example of this.
In using this approach, username/password pairs are often the subject of attacks using guesswork or
systematic automated attempts. To counter this, any password should be carefully chosen. Ideally it
should:
•
Be more than 8 characters with no repeats.
•
Use random character sequences not commonly found in phrases.
•
Contain both lower and upper case alphabetic characters.
•
Contain both digits and special characters.
391
- Quick Links:
- The Cli
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
