D-Link DFL-800-AV-12 User Manual - Page 220
User Authentication, 8.1. Overview
View all D-Link DFL-800-AV-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 220 highlights
Chapter 8. User Authentication This chapter describes how NetDefendOS implements user authentication. • Overview, page 220 • Authentication Setup, page 221 8.1. Overview In situations where individual users connect to protected resources through a D-Link Firewall, the administrator will often require that each user goes through a process of authentication before access is allowed. This chapter deals with setting up authentication for NetDefendOS but first the general issues involved in authentication are examined. Proving Identity The aim of authentication is to have the user prove their identity so that the network administrator can allow or deny access to resources based on that identity. Possible types of proof could be: A. Something the user is. Unique attributes that are different for every person, such as a fingerprint. B. Something the user has, such a passcard, a X.507 Digital Certificate or Public and Private Keys. C. Something the user knows such as a password. Method A may require a special biometric reader. Another problem is that the feature often can't be replaced if it is lost. Methods B and C are therefore the most common in network security. However, these have drawbacks: Keys might be intercepted, passcards might be stolen, passwords might be guessable, or people may simply be bad at keeping a secret. Methods B and C are sometimes combined, for example in a passcard that requires a password or pincode for use. Using Username/Passwords This chapter deals specifically with user authentication through validation of username/password combinations manually entered by a user attempting to gain access to resources. Access to the Internet using the HTTP protocol through a D-Link Firewall is an example of this where a username/password combination is the primary authentication method. In using this approach, passwords are often subject to attacks by guesswork or systematic searches. To counter this, a password should be carefully chosen. Ideally it should: • Be more than 8 characters with no repeats. • Use random character sequences not commonly found in phrases. • Contain both lower and upper case alphabetic characters. • Contain both digits and special characters. To remain secure passwords should also: • Not be recorded anywhere in written form. • Never be revealed to anyone else. • Changed on a regular basis such as every three months. 220