Chapter 6 - Authenticating Users

Abstract

Authentication is necessary when utilizing client-to-site or remote-access virtual private network (VPN) connections to ensure only authorized users are able to access resources inside the network. VPN-1/Firewall (FW)-1 next-generation provides with several different authentication schemes and user authentication methods, and one of them should be chosen to suit the organization's needs. This chapter describes the various options and provides some examples of the way they might be implemented into the current security policy structure. Some of the options available for authenticating users are SecurID, RADIUS, TACACS, operating system (OS) password, and VPN-1/FW-1 authentication. This chapter covers several authentication options in the policy. SecurlD is a two-factor authentication method that means two pieces of information are required before access is granted: a password and a token. Authentication via OS password means that FW-1 will refer to the user's account in the operating system for authentication.