12 System Security

The Prestige incorporates a number of security measures to prevent unauthorized access to your network. For example, the Prestige supports both PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol) in authenticating a Remote Node. More information on CHAP and PAP can be found in Chapter 6.

By default, the Prestige can store information about up to eight different users. If more dial-up users are necessary, an external RADIUS (Remote Authentication Dial In User Service) server can be used to provide centralized user security.

In addition, the Prestige also implements a user password to get into the SMT screen. You will have three attempts to enter the correct system password. If you do not do so, the SMT will kick you out. In addition, the Prestige will only support one user in the SMT at one time.

Using RADIUS Authentication

In addition to the Prestige router’s built-in dial-up user list, which can hold up to eight users, it also supports an external authentication server which may provide password storage and usage accounting for thousands of users.

Installing a RADIUS Server

To use RADIUS authentication, you will need to have a UNIX- based machine on your network to act as a radiusd server, as well as a copy of the radiusd server program itself. You can

System Security 111

Page 125
Image 125
ZyXEL Communications 28641 user manual System Security, Using Radius Authentication, Installing a Radius Server