D-Link DFL-260-AV-12 Product Manual - Page 355
User Authentication, 8.1. Overview
View all D-Link DFL-260-AV-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 355 highlights
Chapter 8. User Authentication This chapter describes how NetDefendOS implements user authentication. • Overview, page 355 • Authentication Setup, page 357 • Customizing HTML Pages, page 373 8.1. Overview In situations where individual users connect to protected resources through the NetDefend Firewall, the administrator will often require that each user goes through a process of authentication before access is allowed. This chapter deals with setting up authentication for NetDefendOS but first the general issues involved in authentication will be examined. Proving Identity The aim of authentication is to have the user prove their identity so that the network administrator can allow or deny access to resources based on that identity. Possible types of proof could be: A. Something the user is. Unique attributes that are different for every person, such as a fingerprint. B. Something the user has, such a passcard, a X.507 Digital Certificate or Public and Private Keys. C. Something the user knows such as a password. Method A may require a special piece of equipment such as a biometric reader. Another problem with A is that the special attribute often cannot be replaced if it is lost. Methods B and C are therefore the most common means of identification in network security. However, these have drawbacks: keys might be intercepted, passcards might be stolen, passwords might be guessable, or people may simply be bad at keeping a secret. Methods B and C are therefore sometimes combined, for example in a passcard that requires a password or pincode for use. Making Use of Username/Password Combinations This chapter deals specifically with user authentication performed with username/password combinations that are manually entered by a user attempting to gain access to resources. Access to the external public Internet through a NetDefend Firewall by internal clients using the HTTP protocol is an example of this. In using this approach, username/password pairs are often the subject of attacks using guesswork or systematic automated attempts. To counter this, any password should be carefully chosen. Ideally it should: • Be more than 8 characters with no repeats. • Use random character sequences not commonly found in phrases. • Contain both lower and upper case alphabetic characters. • Contain both digits and special characters. 355