Types of firewall authentication - Vecloud

A firewall can support several authentication methods.
Firewall authentication means that users prove they are who they claim to be and are then allowed to access only the resources they are authorized for. It works just like logging in to a Microsoft Windows computer: we tell Windows who we are by entering a username, prove that identity with a password, and Windows then allows us to access only the resources we are permitted to use.
Firewall authentication can be used by a number of firewall functions; the two most common are SSL VPN and web filtering. The following are the authentication methods supported by most firewalls.
1. Built-in database authentication
The firewall contains a built-in identity database, and users can authenticate against that database to gain access. The database is configured with a set of usernames and passwords. Built-in database authentication is easy to configure and works well, but it does not scale: if changes are frequent (for example, users regularly joining and leaving), the firewall's database has to be updated continuously.
2. LDAP authentication
You can use the Lightweight Directory Access Protocol (LDAP) to query a directory server and authenticate users against it. Usually this is Active Directory, although it can be any directory service that supports LDAP, such as Novell Directory or OpenLDAP. This method is scalable because the directory service is normally kept up to date by itself: nothing needs to be updated on the firewall, since it simply queries the directory server.
3. Certificate authentication
For most firewalls, you can use either publicly signed certificates or self-signed certificates for firewall authentication. If the firewall is public-facing and authenticates anyone from outside, a publicly recognized certificate should be set up to authenticate anonymous users. Publicly recognized certificates are issued by companies such as VeriSign, GoDaddy or Thawte and are known to common browsers such as Internet Explorer and Mozilla Firefox, so they are trusted automatically.
However, if the firewall authenticates known clients that are under its control, it can just as easily be configured with a self-signed certificate. The firewall vendor provides self-signed certificates free of charge, and because you control the clients, you can install the certificate in the client browsers yourself. This is necessary because a browser does not trust a self-signed certificate by default. Active Directory Group Policy or a similar mechanism can be used to deploy the certificate to many client systems at once. The common use case here is SSL VPN users: since SSL VPN is a browser-based application over TLS, a self-signed certificate that has been deployed to the clients avoids the error page stating that "the security certificate presented by this website was not issued by a trusted certificate authority".
4. Two-factor authentication
Two-factor authentication means that two different factors are required before access is allowed. It usually takes the form of something you know (a password) and something you have (a software or hardware token); a third option is something you are (a fingerprint). A very common setup configures the firewall to require both a hardware token and your personal password. In an SSL VPN solution, you log in to the SSL portal with your personal password and the 6-digit number displayed on the hardware token. Without the combination of the two, you cannot get in. This provides better security than relying on a password alone: after all, if someone steals your password and it is the only factor, they can access your company's corporate network.
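As an added example (not part of the original post), here is the two-factor check described above in Python using only the standard library. The 6-digit token code is modelled as an RFC 6238 TOTP, which is an assumption about how the hardware token works, and the stored password hash and token seed are constructed demo values rather than anything from a real firewall.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional

# Constructed demo credentials. A real firewall would keep the password hash
# and token seed in its user database or fetch them from a directory server.
DEMO_SALT = b"demo-salt"
DEMO_PASSWORD_HASH = hashlib.pbkdf2_hmac("sha256", b"correct horse", DEMO_SALT, 100_000)
DEMO_TOKEN_SEED = b"12345678901234567890"  # RFC 6238 reference seed (ASCII)
TIME_STEP = 30                              # seconds per TOTP step


def totp(seed: bytes, unix_time: int, digits: int = 6) -> str:
    """Compute the RFC 6238 TOTP (HMAC-SHA1) for the step containing unix_time."""
    counter = struct.pack(">Q", unix_time // TIME_STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_password(password: str) -> bool:
    """Factor 1 (something you know): constant-time compare of the PBKDF2 hash."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 100_000)
    return hmac.compare_digest(candidate, DEMO_PASSWORD_HASH)


def verify_token(code: str, now: int, window: int = 1) -> bool:
    """Factor 2 (something you have): accept the current step plus/minus
    `window` steps so a slightly drifted token clock still works."""
    return any(
        hmac.compare_digest(code, totp(DEMO_TOKEN_SEED, now + TIME_STEP * d))
        for d in range(-window, window + 1)
    )


def authenticate(password: str, code: str, now: Optional[int] = None) -> bool:
    """Grant access only when BOTH factors check out. Both are always
    evaluated so the response time does not reveal which factor failed."""
    now = int(time.time()) if now is None else now
    password_ok = verify_password(password)
    token_ok = verify_token(code, now)
    return password_ok and token_ok
```

At the RFC 6238 reference time 59 the demo seed yields code 287082, so `authenticate("correct horse", "287082", now=59)` is the only combination of the two factors that is accepted.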
5. Single sign-on
Single sign-on lets users pass the firewall's identity verification transparently, without having to log in to it manually.
An example is a firewall integrated with Active Directory: when a user logs on to the network, the firewall's agent polls Active Directory for this logon information and forwards it to the firewall. So when the user later hits a firewall policy that requires authentication, the firewall already knows that the user has authenticated to the network. It then determines, based on who the user is, whether that user is allowed access. If so, the firewall lets the user reach the resources they need, and the end user notices nothing; the user never has to enter a password a second time to be authenticated.
Vecloud is a technological innovation enterprise that provides cloud exchange network services as its core business for enterprises. It has 30 data center nodes around the world, more than 200 POP nodes, and serves more than 300 major customers, involving finance, Internet, games, AI, Education, manufacturing, multinational companies and other industries. http://www.vecloud.com/products/it-outsourcing.html

Origin blog.csdn.net/vecloud/article/details/112918125