
Secure switch management, Authentication and authorization, Secure switch management 101 – Nortel Networks WEB OS 212777 User Manual


Web OS 10.0 Application Guide

Chapter 5: Secure Switch Management


212777-A, February 2002

Secure Switch Management

Secure switch management is needed for environments that perform significant management
functions across the Internet. The following are some of the functions for secured management:

- Authentication of remote administrators

  Authentication is the action of determining and verifying who the administrator is; it usually
  involves a name and a password. The password can be either a fixed password or a
  challenge-response query.

- Authorization of remote administrators

  Once an administrator has been authenticated, authorization is the action of determining
  what that user is allowed to do. Authorization does not merely provide yes or no answers
  but may also customize the service for a particular administrator.

- Encryption of management information exchanged between the remote administrator and
  the switch

  Examples of protocols to encrypt management information are SSH (Secure Shell) and
  SCP (Secure Copy).

Authentication and Authorization

NOTE: While authentication and authorization (AA) protocols and servers are designed to
authenticate remote dial-up users (in addition to authorizing remote access capabilities to
users), this overview is focused on using the AA model to authenticate and authorize remote
administrators for managing a switch.

The AA model is based on a client/server model. The Remote Access Server (RAS)—the
switch—is a client to the back-end database server. A remote user (the remote administrator)
interacts only with the RAS, not the back-end server and database.

Two prominent AA protocols used to control dial-up access into networks are Cisco’s
TACACS+ (Terminal Access Controller Access Control System) and Livingston Enterprise’s
RADIUS (Remote Authentication Dial-In User Service). Web OS supports only the RADIUS
authentication method.