© 2005,2006 NeoAccel Inc. Partners Presentation Authentication & Access Control
Definitions

Authentication: the act of establishing or confirming something (or someone) as authentic; a way to ensure users are who they say they are; ascertaining that the user who attempts to perform functions in a system is in fact the user who is authorized to do so.

Authorization: the process of verifying that a known person has the authority to perform a certain operation. Authentication, therefore, must precede authorization.

Access Control: granting those privileges as may be authorized to a user.
Users & Groups

[Diagram: Users 1 to 5 assigned to the groups Engineering, Management and Accounts]
Authentication Techniques

Local Database: our own database of users & groups.
RADIUS (Remote Authentication Dial In User Service): an AAA (Authentication, Authorization & Accounting) protocol.
LDAP (Lightweight Directory Access Protocol): a networking protocol for querying and modifying directory services running over TCP/IP.
AD (Active Directory): an implementation of LDAP directory services by Microsoft for use in Windows environments.
Group Extraction (for external authentication servers)
NeoAccel - Authentication
Adding a new Authentication Server
Configuring Radius Server
Configuring AD Server
Configuring LDAP Server
Authenticating using these servers
Selecting Authentication Servers
Configuring Users
Access Control Policies (ACL)

There can be ACLs based on:
Protocol (TCP / UDP / IP / ICMP / FTP / HTTP / HTTPS / SSH)
Source machine, specified by its IP (IP range, subnet or specific IP) or port (specific port or port range)
Destination machine, specified by its IP (IP range, subnet or specific IP) or port (specific port or port range)
Source MAC address (of its physical network card)
Packet time (based on time, date or day), which can be applied periodically or for a specific period of time
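
As an added illustration (not NeoAccel's code or configuration format), the sketch below evaluates a packet against rules built from the criteria listed above. The rule fields, first-match ordering and the default deny are assumptions, and the sample policy and packet are constructed.

```python
# Added illustration: hypothetical rule model, not NeoAccel's configuration format.
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Optional
def ip_in(spec: str, addr: str) -> bool:
    """spec: a specific IP, a CIDR subnet, or an inclusive 'first-last' range."""
    ip = ip_address(addr)
    if "-" in spec:
        first, last = (ip_address(p.strip()) for p in spec.split("-"))
        return first <= ip <= last
    return ip in ip_network(spec, strict=False)

@dataclass
class Rule:
    action: str                       # "allow" or "deny"
    protocol: Optional[str] = None    # None means "any" for every criterion
    src: Optional[str] = None
    dst: Optional[str] = None
    dst_ports: Optional[tuple] = None # inclusive (low, high) port range
    src_mac: Optional[str] = None
    days: Optional[frozenset] = None  # weekday numbers, Monday = 0
    hours: Optional[tuple] = None     # (start, end): start <= t < end

    def matches(self, pkt: dict, when: datetime) -> bool:
        return all((
            self.protocol is None or self.protocol == pkt["protocol"],
            self.src is None or ip_in(self.src, pkt["src_ip"]),
            self.dst is None or ip_in(self.dst, pkt["dst_ip"]),
            self.dst_ports is None or self.dst_ports[0] <= pkt["dst_port"] <= self.dst_ports[1],
            self.src_mac is None or self.src_mac.lower() == pkt["src_mac"].lower(),
            self.days is None or when.weekday() in self.days,
            self.hours is None or self.hours[0] <= when.time() < self.hours[1],
        ))

def evaluate(rules, pkt: dict, when: datetime) -> str:
    """First matching rule decides; no match means deny (assumed default)."""
    for rule in rules:
        if rule.matches(pkt, when):
            return rule.action
    return "deny"

# Constructed sample policy and packet (all addresses are made up).
POLICY = [
    Rule("deny", src_mac="00:11:22:33:44:55"),
    Rule("allow", protocol="TCP", src="10.0.1.10-10.0.1.50", dst="10.0.2.0/24",
         dst_ports=(22, 22), days=frozenset(range(5)), hours=(time(9), time(18))),
]
PKT = {"protocol": "TCP", "src_ip": "10.0.1.20", "dst_ip": "10.0.2.7",
       "dst_port": 22, "src_mac": "AA:BB:CC:00:00:01"}
```

Under first-match evaluation the order of rules matters: the MAC deny rule is placed first so that it overrides the later allow rule.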
Configuring ACLs
Thank You