- Perle User Guide Network Adapter 833IS

ManualsBrandsPerle Systems ManualsNetwork CardPerle 833IS

181

182

183

184

185

186

187

188

189

190

Chapter 9: Configuring the Server

Perle 833IS User Guide 169

Security

It is important that you manage access to your network by Dial-In Remote Users. In

particular you should:

■

Control who can connect to the 833IS.

■

Control who can access your network resources such as file servers.

■

Control who can configure and manage the 833IS.

The 833IS has facilities for controlling all the above.

Overview User Authentication

When a user dials in, the 833IS ensures that the user is authenticated before allowing

a session to be established. This authentication can be done by:

■ Using a password

. At the time of connect, the user must provide a user ID and

password. If the password is incorrect, the call is disconnected. The password

can be set up in the 833IS Internal User database, or an external database such as

Novell Bindery or RADIUS.

■ Using a token authentication scheme such as Security Dynamics SecurID or

Axent. A token can take the form of a software key or an electronic card that

provides a constantly changing number. At the time of connect, the user reads

the current number from the software key or electronic card, and enters it in

addition to the password and user ID. Token authentication provides for a higher

level of security as the user must both possess the token and know the password.

PAP and CHAP

The Password Authentication Protocol (PAP) and the Challenge-Handshake

Authentication Protocol (CHAP) are utilized in PPP security. They provide a secure

mechanism to authenticate a user name and password. The 833IS Local security

service as well as some third party security services require that the Dial-In Client

software support PAP or CHAP.

CHAP provides a higher level of security than PAP and should be used wherever

possible.

Callback

You can enable the Fixed Callback feature of the 833IS to enhance security. With

Fixed Callback, the user record contains a phone number to be used for callback.

Once the user is authenticated, the call is dropped. The 833IS then calls back using