Remote User Authentication

Upload: justin-simmons

Post on 22-Dec-2015


Page 1: Remote User Authentication. Module Objectives By the end of this module participants will be able to: Describe the methods available for authenticating

Remote User Authentication

Page 2

Module Objectives

• By the end of this module participants will be able to:
  • Describe the methods available for authenticating users that are contained in databases external to the FortiGate unit
  • Configure LDAP Authentication

Page 3-4

Remote User Authentication

Diagram: remote users authenticated against LDAP, Directory Services, TACACS+, RADIUS, or digital certificates

• The information used to authenticate users is stored on a remote server
• The FortiGate unit sends the user's credentials to the remote server for validation
• Best for situations where multiple FortiGate units need to authenticate the same users

Page 5-6

Remote User Authentication

Diagram: LDAP, Directory Services, TACACS+, RADIUS, digital certificates

• The FortiGate unit must be configured to access the external servers used to authenticate the users
• Administrators can create an account for the user locally and specify the server to verify the password, or
• Administrators can add the authentication server to a user group
  • All users in that server become members of the group

Page 7-8

RADIUS Authentication

Diagram: user Kelly Miller with password #p57ds% logs in; the FortiGate unit forwards the credentials to the RADIUS server, which answers whether they are valid

• The FortiGate unit sends the user name and password to the RADIUS server for verification
• A RADIUS server can be added as a user group
  • All members will be able to authenticate

Page 9-10

RADIUS Authentication

• The IP address of the primary and secondary RADIUS servers along with their secret key must be identified on the FortiGate unit
• A Fortinet Vendor-Specific Attributes (VSA) dictionary is provided to identify the RADIUS attributes used by the FortiGate unit
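The slides say the FortiGate unit forwards the user name and password to the RADIUS server and that the server's secret key must be configured on the unit. The following is an added example, not code from the training module or from Fortinet, showing what that secret does on the wire per RFC 2865: the User-Password attribute is obfuscated with an MD5 stream keyed by the secret, and the server's reply carries a Response Authenticator that only a holder of the same secret can produce. The secret, user, password and NAS address are constructed values for the demo.

```python
# Added example, not code from the training slides or from Fortinet: how a RADIUS
# client such as the FortiGate unit uses the configured shared secret when it forwards
# a user's name and password to the RADIUS server (RFC 2865). The User-Password is
# obfuscated with MD5(secret || authenticator) chained per 16-byte block, and the
# server's reply carries a Response Authenticator that only a holder of the same
# secret can produce. The secret, user, password and NAS address are constructed.
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP_ADDRESS = 1, 2, 4


def obfuscate_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to a multiple of 16 and XOR each block with
    MD5(secret + previous block), seeded with the 16-byte Request Authenticator."""
    if len(password) > 128:
        raise ValueError("RADIUS User-Password is limited to 128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out, prev = out + block, block
    return out


def deobfuscate_password(cipher: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the server does with the same secret; trailing pad bytes are stripped."""
    out, prev = b"", authenticator
    for i in range(0, len(cipher), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(cipher[i:i + 16], key))
        prev = cipher[i:i + 16]
    return out.rstrip(b"\x00")


def encode_attr(attr_type: int, value: bytes) -> bytes:
    """RADIUS attribute TLV: type, total length (value + 2), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(username: str, password: str, secret: bytes,
                         identifier: int = 0, authenticator: bytes = b"") -> bytes:
    """Access-Request: code, identifier, length, 16-byte random authenticator, attributes."""
    authenticator = authenticator or os.urandom(16)
    attrs = (encode_attr(ATTR_USER_NAME, username.encode())
             + encode_attr(ATTR_USER_PASSWORD,
                           obfuscate_password(password.encode(), secret, authenticator))
             + encode_attr(ATTR_NAS_IP_ADDRESS, bytes([192, 0, 2, 1])))  # constructed NAS address
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs


def response_authenticator(code: int, identifier: int, attrs: bytes,
                           request_authenticator: bytes, secret: bytes) -> bytes:
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    return hashlib.md5(header + request_authenticator + attrs + secret).digest()


def build_access_accept(request: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    """Constructed server reply, bound to the request it answers via the shared secret."""
    identifier, request_auth = request[1], request[4:20]
    auth = response_authenticator(ACCESS_ACCEPT, identifier, attrs, request_auth, secret)
    return struct.pack("!BBH", ACCESS_ACCEPT, identifier, 20 + len(attrs)) + auth + attrs


def verify_response(request: bytes, response: bytes, secret: bytes) -> bool:
    """Client-side check. A reply that fails here was not produced with the secret
    configured on this unit (wrong server, or a secret mismatch between the two sides)
    and must be treated as no answer at all, never as an Access-Accept."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    expected = response_authenticator(response[0], response[1], response[20:],
                                      request[4:20], secret)
    return hmac.compare_digest(response[4:20], expected)


if __name__ == "__main__":
    secret = b"demo-shared-secret"  # constructed; configured identically on both sides
    req = build_access_request("Kelly Miller", "#p57ds%", secret, identifier=7)
    reply = build_access_accept(req, secret)
    print("reply accepted:", verify_response(req, reply, secret))
    print("reply with wrong secret accepted:", verify_response(req, reply, b"other-secret"))
```

The password obfuscation only hides the password from a passive observer to the extent the secret is unguessable, and the reply check is the unit's only protection against a forged Access-Accept, which is why the secret has to be configured on both sides and kept strong.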

Page 11-12

RADIUS and SecurID Authentication

Diagram: RSA ACE/Server working together with the RADIUS server

• A RADIUS server and an RSA ACE/Server can be configured to work together to verify the password displayed on the SecurID token
• The FortiGate unit must be configured to access the RADIUS server in addition to being configured as an Agent Host in the RSA ACE/Server
• A user group for the SecurID users must be created on the FortiGate unit

Page 13

Dynamic Profiles

• Customer identifying information can be stored in the RADIUS server
• When a user authenticates using RADIUS, the FortiGate unit can use a dynamic profile to extract the customer information and process traffic according to the dynamic profile firewall policy
  • A RADIUS Start record is sent to the FortiGate device
• Allows different groups of users to have different levels of access
  • For example, parental controls

Page 14-18

Dynamic Profiles

Diagram, one step per slide:
• Customer (Kelly Miller, #p57ds%) requests a connection and is forced to authenticate against RADIUS
• RADIUS server identifies the customer
• Server sends RADIUS Start record to the FortiGate unit
• The FortiGate unit applies the dynamic profile firewall policy using information from the RADIUS server
• Customer session is filtered by the profile group

Page 19

Dynamic Profiles

• On the RADIUS server, add a profile group name field to customer accounts that will be using dynamic profiles
  • This name will be added to the RADIUS Start record sent by the server
• Configure the RADIUS server to send the Start record to the FortiGate unit

Page 20-23

Dynamic Profiles

• To use dynamic profiles:
  • Configure the RADIUS server for dynamic profiles
  • Configure an optional UTM profile group
  • Configure a dynamic profile firewall policy
  • Identify the profile group or select All Dynamic Profile Users
• Only one firewall policy can be configured for dynamic profiles in a VDOM
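The dynamic profile pages describe the RADIUS server sending a Start record that carries the customer's profile group name, and the unit applying the matching firewall policy. The following is an added example of that receiving side, not code from the training module or from Fortinet: a constructed RADIUS Accounting-Request Start record (RFC 2866) is checked against the shared secret, its attributes are parsed, the group name is read from a Vendor-Specific Attribute, and the group selects a policy. The vendor ID (12356) and attribute number (1, Fortinet-Group-Name) are assumed from the Fortinet VSA dictionary and should be confirmed against the dictionary shipped with the unit; user names, addresses and the policy table are constructed.

```python
# Added example, not code from the slides or from Fortinet: the FortiGate side of a
# dynamic profile. A constructed RADIUS Accounting-Request "Start" record (RFC 2866)
# carries the customer's profile group name in a Vendor-Specific Attribute; the unit
# checks the record against the shared secret, parses the attributes and maps the
# group name to a firewall policy. The vendor ID (12356) and attribute number (1,
# Fortinet-Group-Name) are assumed from the Fortinet VSA dictionary and should be
# checked against the dictionary shipped with the unit; users, addresses and the
# policy table are constructed.
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4
ATTR_USER_NAME, ATTR_FRAMED_IP, ATTR_VENDOR_SPECIFIC, ATTR_ACCT_STATUS_TYPE = 1, 8, 26, 40
ACCT_STATUS_START, ACCT_STATUS_STOP = 1, 2
FORTINET_VENDOR_ID = 12356   # assumption, see lead-in
FORTINET_GROUP_NAME = 1      # assumption, see lead-in

# Constructed dynamic-profile policy table: profile group name -> firewall policy.
POLICIES = {"parental-controls": "web-filter-strict", "staff": "web-filter-standard"}
DEFAULT_POLICY = "deny"  # an unknown or missing group gets no access by default


def encode_attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def encode_vsa(vendor_id, vendor_type, value):
    """RFC 2865 section 5.26: Vendor-Id (4 bytes) then vendor type/length/value."""
    vendor_tlv = struct.pack("!BB", vendor_type, len(value) + 2) + value
    return encode_attr(ATTR_VENDOR_SPECIFIC, struct.pack("!I", vendor_id) + vendor_tlv)


def acct_request_authenticator(identifier, attrs, secret):
    """RFC 2866 section 3: MD5(Code + ID + Length + 16 zero octets + Attributes + Secret)."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, identifier, 20 + len(attrs))
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()


def build_start_record(username, framed_ip, group, secret, identifier=1,
                       status=ACCT_STATUS_START):
    """Constructed server-side record, as the RADIUS server would send it to the unit."""
    attrs = (encode_attr(ATTR_ACCT_STATUS_TYPE, struct.pack("!I", status))
             + encode_attr(ATTR_USER_NAME, username.encode())
             + encode_attr(ATTR_FRAMED_IP, bytes(int(o) for o in framed_ip.split(".")))
             + encode_vsa(FORTINET_VENDOR_ID, FORTINET_GROUP_NAME, group.encode()))
    auth = acct_request_authenticator(identifier, attrs, secret)
    return struct.pack("!BBH", ACCOUNTING_REQUEST, identifier, 20 + len(attrs)) + auth + attrs


def parse_attributes(packet):
    """Walk the TLV list after the 20-byte header; reject lengths that run off the end."""
    attrs, pos = [], 20
    while pos < len(packet):
        if pos + 2 > len(packet):
            raise ValueError("truncated attribute header")
        attr_type, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute length")
        attrs.append((attr_type, packet[pos + 2:pos + length]))
        pos += length
    return attrs


def extract_group_name(attrs):
    """Return the Fortinet-Group-Name value, or None when no valid VSA is present."""
    for attr_type, value in attrs:
        if attr_type != ATTR_VENDOR_SPECIFIC or len(value) < 6:
            continue
        vendor_id = struct.unpack("!I", value[:4])[0]
        vendor_type, vendor_len = value[4], value[5]
        if (vendor_id == FORTINET_VENDOR_ID and vendor_type == FORTINET_GROUP_NAME
                and vendor_len == len(value) - 4):
            return value[6:].decode("utf-8", errors="replace")
    return None


def process_start_record(packet, secret):
    """Validate a record with the shared secret and pick the policy for the customer.
    Returns (username, ip, group, policy) for a Start record, None for other
    status types, and raises ValueError for anything that fails the secret check."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    expected = acct_request_authenticator(identifier, packet[20:], secret)
    if not hmac.compare_digest(packet[4:20], expected):
        raise ValueError("Request Authenticator mismatch: wrong shared secret or altered record")
    attrs = parse_attributes(packet)
    fields = dict(attrs)
    if fields.get(ATTR_ACCT_STATUS_TYPE) != struct.pack("!I", ACCT_STATUS_START):
        return None  # only Start records create a dynamic-profile session
    username = fields[ATTR_USER_NAME].decode("utf-8", errors="replace")
    ip = ".".join(str(b) for b in fields[ATTR_FRAMED_IP])
    group = extract_group_name(attrs)
    return username, ip, group, POLICIES.get(group, DEFAULT_POLICY)


if __name__ == "__main__":
    secret = b"demo-shared-secret"
    record = build_start_record("Kelly Miller", "192.0.2.10", "parental-controls", secret)
    print(process_start_record(record, secret))
```

Because the Start record is what assigns a customer to a profile group, the unit has to reject any record whose Request Authenticator does not verify under the configured secret; otherwise anyone who can reach the accounting port could place a session in a more permissive group.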

Page 24-25

LDAP Authentication

Diagram: user Kelly Miller with password #p57ds% logs in; the FortiGate unit checks the credentials against the LDAP directory tree dc=com > dc=acme > ou=training > cn=Kelly Miller (Password: #p57ds%)

• The FortiGate unit can send the user name and password to the LDAP server for authentication
• An LDAP server can be added as a user group
  • All members will be able to authenticate

Page 26-27

LDAP Authentication

• Details of the LDAP server must be identified on the FortiGate unit
• The DN of the LDAP server must be identified during server configuration on a FortiGate unit
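The LDAP pages show the unit sending the user name and password to the directory and say the server's DN must be configured on the unit. The following is an added example, not code from the training module or from Fortinet, of how a client goes from that configured base DN plus a user name to the DN it binds with, and what the LDAPv3 simple BindRequest (RFC 4511) it sends looks like on the wire. The tree (cn=Kelly Miller under ou=training,dc=acme,dc=com) is the one in the slide diagram; the escaping rules (RFC 4514 for DNs, RFC 4515 for search filters) and the refusal of empty passwords are the practitioner's checks added here.

```python
# Added example, not code from the slides or from Fortinet: how a client such as the
# FortiGate unit goes from the base DN configured for the LDAP server to the DN it
# binds with for a user, and what the LDAPv3 simple BindRequest (RFC 4511) it sends
# looks like on the wire. The tree (cn=Kelly Miller under ou=training,dc=acme,dc=com)
# is the one in the slide diagram; user names are escaped per RFC 4514 (DN) and
# RFC 4515 (search filter) so a crafted name cannot change the DN or filter, and an
# empty password is refused because a simple bind with an empty password is an
# anonymous bind (RFC 4513 section 5.1.2) that succeeds without checking anything.

BASE_DN = "ou=training,dc=acme,dc=com"   # the "DN of the LDAP server" from the slide
DN_ESCAPE = set('\\,+"<>;=#')            # RFC 4514 section 2.4 special characters


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (spaces only at the ends)."""
    out = []
    for i, ch in enumerate(value):
        if ch in DN_ESCAPE or (ch == " " and i in (0, len(value) - 1)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """RFC 4515 section 3: the characters a filter value must escape."""
    return (value.replace("\\", "\\5c").replace("*", "\\2a")
            .replace("(", "\\28").replace(")", "\\29").replace("\x00", "\\00"))


def build_user_dn(cn: str, base_dn: str = BASE_DN) -> str:
    """Bind DN for a user entry directly under the configured base DN."""
    return f"cn={escape_dn_value(cn)},{base_dn}"


def build_search_filter(cn: str) -> str:
    """Filter used when the user's entry has to be looked up before binding."""
    return f"(cn={escape_filter_value(cn)})"


def ber_length(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + ber_length(len(content)) + content


def ber_integer(value: int) -> bytes:
    """INTEGER with minimal two's-complement content octets."""
    return ber(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True))


def build_bind_request(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }."""
    if not password:
        raise ValueError("empty password would be an anonymous bind, refuse it")
    bind = ber(0x60, ber_integer(3)                      # [APPLICATION 0] BindRequest
               + ber(0x04, dn.encode("utf-8"))          # LDAPDN as OCTET STRING
               + ber(0x80, password.encode("utf-8")))   # [0] simple authentication
    return ber(0x30, ber_integer(message_id) + bind)    # outer SEQUENCE


if __name__ == "__main__":
    dn = build_user_dn("Kelly Miller")
    print(dn)
    print(build_bind_request(1, dn, "#p57ds%").hex())
```

The simple bind carries the password in clear inside the BER structure, so in practice the connection to the directory is wrapped in TLS (LDAPS or StartTLS); the encoding above is what travels inside that tunnel.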

Page 28-29

TACACS+ Authentication

Diagram: user Kelly Miller with password #p57ds% logs in; the FortiGate unit forwards the credentials to the TACACS+ server, which answers whether they are valid

• The FortiGate unit sends the user name and password to the TACACS+ server for verification
• A TACACS+ server can be added as a user group
  • All members will be able to authenticate

Page 30-31

TACACS+ Authentication

• The IP address of the TACACS+ server along with its secret key must be identified on the FortiGate unit
• Select the authentication protocols to be used by the TACACS+ server:
  • ASCII
  • PAP
  • CHAP
  • MS-CHAP
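The TACACS+ pages list the secret key and the authentication protocols (ASCII, PAP, CHAP, MS-CHAP) that must be set on the unit. The following is an added example, not code from the training module or from Fortinet, of what that key does per RFC 8907: the packet body is XORed with an MD5 pseudo-pad derived from the session ID, the key, the version and the sequence number, so the server only recovers the body if it holds the same key, and a packet flagged unencrypted exposes the user name and password in clear. It is shown for the PAP authen_type, where the START body's data field carries the password; the key, user, port and addresses are constructed.

```python
# Added example, not code from the slides or from Fortinet: what the TACACS+ secret
# key configured on the FortiGate unit does on the wire. Per RFC 8907 section 4.5 the
# packet body is XORed with an MD5 pseudo-pad derived from session_id, key, version
# and seq_no, so the server can only recover the body if it holds the same key, and a
# packet sent with the TAC_PLUS_UNENCRYPTED_FLAG exposes the user name and password in
# clear. Shown for the PAP authen_type, where the START body's data field carries
# the password. The key, user, port and addresses are constructed.
import hashlib
import struct

VERSION = 0xC0                       # major version 0xC, minor version 0
TYPE_AUTHEN = 0x01
FLAG_UNENCRYPTED = 0x01              # TAC_PLUS_UNENCRYPTED_FLAG
ACTION_LOGIN, PRIV_LVL_USER, SERVICE_LOGIN = 0x01, 0x01, 0x01
AUTHEN_TYPES = {"ASCII": 0x01, "PAP": 0x02, "CHAP": 0x03, "MSCHAP": 0x05}  # the four from the slide
HEADER = "!BBBBII"                   # version, type, seq_no, flags, session_id, length


def pseudo_pad(session_id, key, version, seq_no, length):
    """pad_1 = MD5(session_id, key, version, seq_no); pad_n = MD5(..., pad_{n-1})."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def xor_body(body, session_id, key, version, seq_no):
    """Obfuscation and its inverse are the same XOR with the pseudo-pad."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_authen_start(user, password, authen_type, port="vpn", rem_addr="192.0.2.10"):
    """Authentication START body (RFC 8907 section 5.1); for PAP, data is the password."""
    fields = [user.encode(), port.encode(), rem_addr.encode(), password.encode()]
    if any(len(f) > 255 for f in fields):
        raise ValueError("START length fields are one octet")
    fixed = bytes([ACTION_LOGIN, PRIV_LVL_USER, AUTHEN_TYPES[authen_type], SERVICE_LOGIN]
                  + [len(f) for f in fields])
    return fixed + b"".join(fields)


def build_packet(body, session_id, key, seq_no=1):
    """Client -> server packet; with an empty key the body goes out in clear (flagged)."""
    if key:
        flags, payload = 0, xor_body(body, session_id, key, VERSION, seq_no)
    else:
        flags, payload = FLAG_UNENCRYPTED, body
    header = struct.pack(HEADER, VERSION, TYPE_AUTHEN, seq_no, flags, session_id, len(body))
    return header + payload


def recover_body(packet, key):
    """Server side: strip the header and undo the obfuscation with the configured key.
    A cleartext packet is rejected outright rather than silently accepted."""
    if len(packet) < 12:
        raise ValueError("short packet")
    version, ptype, seq_no, flags, session_id, length = struct.unpack(HEADER, packet[:12])
    body = packet[12:]
    if len(body) != length:
        raise ValueError("body length does not match header")
    if flags & FLAG_UNENCRYPTED:
        raise ValueError("unencrypted TACACS+ body: the shared key is not protecting it")
    return xor_body(body, session_id, key, version, seq_no)


def parse_authen_start(body):
    """Decode a START body back into its fields (inverse of build_authen_start)."""
    action, priv_lvl, authen_type, service, *lengths = body[:8]
    values, pos = [], 8
    for n in lengths:
        values.append(body[pos:pos + n])
        pos += n
    if pos != len(body):
        raise ValueError("START body length mismatch")
    user, port, rem_addr, data = values
    return {"action": action, "authen_type": authen_type, "user": user.decode(),
            "port": port.decode(), "rem_addr": rem_addr.decode(), "data": data}


if __name__ == "__main__":
    key = b"demo-tacacs-key"
    start = build_authen_start("Kelly Miller", "#p57ds%", "PAP")
    packet = build_packet(start, session_id=0x1A2B3C4D, key=key)
    print(parse_authen_start(recover_body(packet, key)))
```

The pseudo-pad is a keystream with no integrity check, so the key is the whole protection; a wrong key on either side yields an unreadable body rather than an error, which is the usual symptom of a key mismatch between the unit and the server.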

Page 32-33

Digital Certificate Authentication

Diagram: the user sends user info with a certificate request to the Certification Authority (CA); the issued certificate is later verified

• Digital certificates issued by trusted certification authorities can be used for authentication
• The certificate of the issuing authority must be installed on the FortiGate device to verify the digital signature on a user certificate
  • Confirms the certificate was issued by a trusted issuer

Page 34-35

Directory Services Authentication

Diagram: user Kelly Miller with password $d12*h1 logs on to Windows Active Directory (classroom)

• User authenticates to Directory Services at logon
  • Windows Active Directory
  • Novell eDirectory
• Authentication information passed to FortiGate unit
  • User automatically gets access to permitted resources without any further authentication operations
• Uses Fortinet Single Sign On

Page 36

Labs

• Lab - LDAP Authentication
  • Configuring LDAP
  • Testing LDAP authentication

Page 37

Student Resources