USER’S GUIDE
32 CyberSWITCH
SECURITY OVERVIEW
The system provides several options for validating remote devices and for managing network
security. The security options available are dependent on the remote device type, type of access,
and the level of security required.
Levels of security include no security, device level security, user level security, and multi-level
security. Device level security is an authentication process between devices, based on protocol and
preconfigured information. Security information is configured either in the system’s On-node
Device Database, or in a central database such as the VRA Manager. Here the network
administrator specifies all of the security information for each individual user. A portion of this
information is used to identify the remote device. The remaining data is used to perform user
validation after user identification has been completed.
User level security is an interactive process. It is currently supported on the system through the
TACACS or ACE server programmed for use with security token cards. With user level security,
the potential network user explicitly connects to the server and must properly “converse” with it
in order to connect with other devices beyond the server.
Important to user level authentication is the security token card. This card, programmed in
conjunction with the authentication server, generates random passwords. These passwords must
be supplied correctly at system login time, or access to the network will be denied. The security
token cards should be issued to each user on the network to properly maintain system integrity.
Multi-level security provides device level security for all remote devices. Individual devices may
be configured for user level authentication as well. In this case, device level authentication takes
place between the system and the remote device. Then a specific user must initiate user level
authentication by starting a Telnet session. Both levels of authentication must be satisfied before
traffic can pass.
NETWORK INTERFACE OVERVIEW
The network interface is the physical connection of the CyberSWITCH to a data network. For
example, the Ethernet resource in the system provides a network interface to an Ethernet LAN. The
ISDN lines in the system provide network interfaces to multiple remote networks. Because of their
switched nature, the ISDN lines provide virtual network interfaces. That is, the same physical ISDN
line can actually connect to different remote networks by dialing a different phone number.
The CyberSWITCH provides a set of network interfaces that give you a wide range of flexibility.
The network interfaces provided by the system are:
LAN IP Network Interface
LAN IPX Network Interface
WAN IP Network Interface
WAN (Direct Host) IP Network Interface
WAN RLAN IP Network Interface
WAN RLAN IPX Network Interface
WAN (UnNumbered) Network Interface