 10
2.4 RolesandServices
Theswitchsupportsupto5000simultaneoususersessionsusingInternetProtocol
Security(IPSec),Point-to-PointTunnelingProtocol(PPTP),LayerTwoTunneling
Protocol(L2TP),andLayerTwoForwarding(L2F).Inaddition,anadministratormay
securelyconfiguretheswitcheitherlocallyorremotely.Remoteadministrationissecured
byoneofthesecuretunnelingprotocolssupportedbythebox.Theadministratorselects
whichprotocolsareusedfromtheServices-Availablemenu.
TheSwitchemploysrole-basedauthenticationofusers,andstoresuseridentity
informationinaninternalLightweightDirectoryAccessProtocol(LDAP)database.
Authenticationcanoptionallybeperformedagainstavarietyofexternalserversusing
LDAPorRADIUS,includingNovellNDS,MicrosoftWindowsNTDomains,Security
DynamicsACEServer,andAxentOmniGuardDefender.
Service CryptoOfficer User
ConfiguretheSwitch
CreateUserGroups
CreateUsers
ModifyUserGroups
ModifyUsers
DeleteUserGroups
DeleteUsers
DefineRulesandFilters
StatusFunctions
ManagetheSwitch
EncryptedTraffic
ChangePassword
Table2–MatrixofServices
Usersmayassumeoneoftworoles:CryptoOfficerroleorUserrole.Anadministratorof
theswitchassumestheCryptoOfficerroletoconfigureandmaintaintheswitch.The
CryptoOfficerrolemayhavethefollowingrights:
Switchmanagementrights:(none,viewswitch,ormanageswitch).View
switchpermitsanadministratortoviewalltheconfigurationandstatus
informationontheswitch.Manageswitchpermitsanadministratorto
configuretheswitchandchangecriticalsettings.
Usermanagementrights:(none,viewusers,ormanageusers).Viewusers
permitsanadministratortoreviewalluseraccountsandsettingsontheswitch.
Manageusersrightsallowsanadministratortocreate,modify,anddelete
users.
AUserauthenticatesandassumestheUserroletoaccessthefollowingservices: