USER’S GUIDE

Multilevel security provides both user level security and device level security for the local (on-node) database, RADIUS, and CSM. This provides added protection: first the device is authenticated, and then a particular user (on that device) is authenticated.

The feature also allows the configuration of an on-node device database at the same time as an off-node device database. Calls first check the on-node database (if enabled) and then the off-node database for the correct device. Authentication is based on the device information received from the first matching database.
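The following Python is an added illustration, not code from the CyberSWITCH manual or product: it models the first-match lookup order (on-node first, then off-node) and the two-phase device-then-user authentication described above. The database contents, device names, and secrets are constructed examples; note that an on-node entry shadows an off-node entry for the same device, so a stale on-node record makes authentication fail even when the off-node record is correct.

```python
import hmac

# Constructed sample databases (not taken from the manual). Each record holds
# the device secret and the users permitted to authenticate on that device.
ON_NODE_DB = {
    "branch-rtr": {"secret": "on-node-secret", "users": {"alice": "pw-a"}},
}
OFF_NODE_DB = {
    "branch-rtr": {"secret": "radius-secret", "users": {"bob": "pw-b"}},
    "home-office": {"secret": "home-secret", "users": {"carol": "pw-c"}},
}


def find_device(name, on_node_enabled=True):
    """Return (source, record) from the first database that holds the device.

    The on-node database is consulted first when it is enabled; the off-node
    database is reached only when the on-node database has no entry.
    """
    if on_node_enabled and name in ON_NODE_DB:
        return "on-node", ON_NODE_DB[name]
    if name in OFF_NODE_DB:
        return "off-node", OFF_NODE_DB[name]
    return None, None


def multilevel_auth(device, device_secret, user, user_pw, on_node_enabled=True):
    """Phase 1: authenticate the device. Phase 2: authenticate the user on it.

    Returns (ok, reason, source) where source names the database that
    supplied the device record, or None if no database matched.
    """
    source, rec = find_device(device, on_node_enabled)
    if rec is None:
        return False, "unknown device", None
    # Constant-time comparison avoids leaking secret length/prefix via timing.
    if not hmac.compare_digest(rec["secret"], device_secret):
        return False, "device authentication failed", source
    expected = rec["users"].get(user)
    if expected is None or not hmac.compare_digest(expected, user_pw):
        return False, "user authentication failed", source
    return True, "authenticated", source


if __name__ == "__main__":
    # The off-node secret is rejected because the on-node record wins.
    print(multilevel_auth("branch-rtr", "radius-secret", "bob", "pw-b"))
    # Disabling the on-node database falls through to the off-node record.
    print(multilevel_auth("branch-rtr", "radius-secret", "bob", "pw-b", False))
```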

SYSTEM OPTIONS AND INFORMATION

The second phase of security configuration involves the proper setting of administrative security options. We have thus far defined the selected type of security we plan to use. We now need to enable security options, provide system information, and configure administrative sessions.

System Options: You need to enable/disable PPP Link Security, Bridge MAC Address Security, IP Host ID Security, or Calling Line ID Security, based upon your network requirements.

System Information: You need to assign a system name, password, and secret to the CyberSWITCH for identification purposes.

Administrative Session Information: You can achieve secure administration sessions with flexible control through the configuration of certain options, such as:

Selecting an authentication database for administration sessions.

You may select an on-node database, a RADIUS server, a TACACS server, or an ACE Server.

Specifying an inactivity session time-out.

Since only a limited number of sessions are available, this avoids administrator lockout when a user forgets to log out of the system.

Restricting Telnet access.

This is done by letting you set the number of possible administrative Telnet sessions. Telnet access to the CyberSWITCH can be disabled, or the number of Telnet sessions can be limited to fewer than 3.

Accessing an emergency Telnet Server session.

To access an emergency Telnet Server session, you first need to configure an emergency Telnet Server port. If the system administrator needs a Telnet session and all available Telnet sessions are in use, they can Telnet into this emergency port, disconnect inactive Telnet sessions, and begin a session of their own.

DEVICE LEVEL DATABASES

If device level security or multi-level security has been chosen, then the next phase of security configuration involves setting up a device level authentication database, and then specifying the location of that database.

The CyberSWITCH provides dial in/dial out access for remote devices via ISDN connections. The information required to authenticate the remote device is maintained in a database that the system queries during connection establishment. The system allows this “device database” to be located in several optional environments.

Enterasys Networks CSX5500, CSX6000, CSX7000 manual System Options and Information, Device Level Databases