SECURITY OVERVIEW

These environments include an on-node database and a variety of off-node, central authentication databases. The on-node database contains a list of valid devices that can access the network resources connected to the CyberSWITCH. This list of valid devices is configured and stored locally. A central database allows a network with more than one CyberSWITCH to use a single database for device authentication. The central authentication databases supported for device level security are CSM and RADIUS.

USER LEVEL DATABASES

If user level security or multi-level security has been chosen, then the next phase of security configuration involves enabling an off-node user level authentication database, and then specifying the Telnet port used to access that database. User level security is only available through an off-node authentication server. The supported servers are RADIUS, TACACS, and ACE.

OFF-NODE SERVER INFORMATION

If an off-node authentication server has been chosen for device or user level security, then the next phase of security configuration requires that these servers be appropriately configured in the system.

CSM is an off-node, central database supported by the CyberSWITCH. CSM is installed on a Windows NT system that is local to the network. It operates with an SQL Server that can store data for thousands of users. A TCP connection allows the CyberSWITCH to communicate with CSM.

The Remote Authentication Dial-In User Service (RADIUS) is a central database supported by the CyberSWITCH. RADIUS operates using two components: an authentication server and client protocols. The RADIUS Server software is installed on a UNIX-based system that is local to the network. The client protocols allow the CyberSWITCH to communicate with the RADIUS server, ultimately authenticating devices.

The Terminal Access Controller Access Control System (TACACS) is a database supported by the CyberSWITCH. TACACS operates using two components: client code and server code. TACACS server software is installed on a UNIX-based system connected to the CyberSWITCH network. The client protocols allow the system to communicate with the TACACS server, ultimately authenticating devices.

Access Control Encryption (ACE) is a database supported by the system. ACE operates using two components: client code and server code. The ACE Server software is installed on a UNIX-based system connected to the network. The client protocols allow the CyberSWITCH to communicate with the ACE Server, ultimately authenticating users.

NETWORK LOGIN INFORMATION

The last phase of security configuration involves configuring network login information. If you are using User Level Security or Multilevel Security, you may customize banners and login configuration to suit the needs of your particular installation. You may also specify the number of login attempts and password change attempts. Specific login elements, such as prompt order, for RADIUS and TACACS are defined here.

Central Site Remote Access Switch 163
