Enterasys Networks Security Router X-Pedition User Manual – Authentication


XSR Firewall Feature Set Functionality

XSR User’s Guide 16-17

Flooding attacks (TCP, UDP, ICMP) logs

Firewall start and restart

Failures (out of memory)

A sample Web access (port 80) permit alarm, which logs at level 4, displays:

FW: Permit: Port-2, Out TCP Con_Req, 10.10.10.10(1042) -> 192.168.1.200(80)
FW: TCP new session request. 10.10.10.10(1042) -> 192.168.1.200(80)
FW: Permit: Port-1, TCP Con_Est, 192.168.1.200(80) -> 10.10.10.10(1042)
FW: TCP connection closed 192.168.1.200(80) -> 10.10.10.10(1042)

A sample client open connection to the FTP server (port 21) alarm displays:

FW: Permit: Port-1, Out TCP Con_Req, 10.10.10.10(1056) -> 192.168.1.100(21)
FW: TCP new session request. 10.10.10.10(1056) -> 192.168.1.100(21)
FW: Permit: Port-1, TCP Con_Est, 192.168.1.100(21) -> 10.10.10.10(1056)
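The two alarm samples above share one line format, so they can be parsed and folded back into per-connection records, which is what a SIEM rule for the "flooding attacks" log category needs. The following parser is an added example, not code from the manual or from Enterasys; it handles only the two alarm shapes shown on this page (the policy-decision line "FW: Permit: Port-N, ..." and the session-state lines "FW: TCP new session request." / "FW: TCP connection closed"), treats the first alarm seen for an endpoint pair as the client's request, and the `half_open` helper (a name chosen here) reports sessions that were requested but never reached Con_Est.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Endpoint pair as it appears in XSR alarms: "src(sport) -> dst(dport)".
ENDPOINTS = re.compile(
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\((?P<sport>\d+)\)\s*->\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\((?P<dport>\d+)\)"
)
# Policy-decision alarms: "FW: Permit: Port-2, Out TCP Con_Req, <endpoints>".
# Only "Permit" appears in the manual's samples; the action group is left open.
POLICY = re.compile(
    r"^FW: (?P<action>\w+): (?P<port>Port-\d+), "
    r"(?:(?P<direction>Out|In) )?(?P<proto>TCP|UDP|ICMP) (?P<event>\w+), (?P<rest>.*)$"
)
# Session-state alarms: "FW: TCP new session request. <endpoints>" and
# "FW: TCP connection closed <endpoints>".
STATE = re.compile(
    r"^FW: (?P<proto>TCP|UDP|ICMP) (?P<event>new session request|connection closed)"
    r"\.?\s+(?P<rest>.*)$"
)

# The seven alarm lines quoted in the manual's two samples.
SAMPLE_ALARMS = [
    "FW: Permit: Port-2, Out TCP Con_Req, 10.10.10.10(1042) -> 192.168.1.200(80)",
    "FW: TCP new session request. 10.10.10.10(1042) -> 192.168.1.200(80)",
    "FW: Permit: Port-1, TCP Con_Est, 192.168.1.200(80) -> 10.10.10.10(1042)",
    "FW: TCP connection closed 192.168.1.200(80) -> 10.10.10.10(1042)",
    "FW: Permit: Port-1, Out TCP Con_Req, 10.10.10.10(1056) -> 192.168.1.100(21)",
    "FW: TCP new session request. 10.10.10.10(1056) -> 192.168.1.100(21)",
    "FW: Permit: Port-1, TCP Con_Est, 192.168.1.100(21) -> 10.10.10.10(1056)",
]


@dataclass
class Alarm:
    event: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    action: Optional[str] = None     # only present on policy-decision lines
    port: Optional[str] = None
    direction: Optional[str] = None


def parse_alarm(line: str) -> Optional[Alarm]:
    """Return an Alarm for a recognised FW: line, or None for anything else."""
    line = line.strip()
    m = POLICY.match(line) or STATE.match(line)
    if m is None:
        return None
    e = ENDPOINTS.search(m.group("rest"))
    if e is None:
        return None
    g = m.groupdict()   # STATE matches have no action/port/direction groups
    return Alarm(
        event=g["event"], proto=g["proto"],
        src=e["src"], sport=int(e["sport"]), dst=e["dst"], dport=int(e["dport"]),
        action=g.get("action"), port=g.get("port"), direction=g.get("direction"),
    )


SessionKey = Tuple[Tuple[str, int], Tuple[str, int]]


def track_sessions(lines: List[str]) -> Dict[SessionKey, dict]:
    """Fold alarms into per-connection records keyed by the direction-free endpoint pair."""
    sessions: Dict[SessionKey, dict] = {}
    for line in lines:
        a = parse_alarm(line)
        if a is None:
            continue
        key = tuple(sorted([(a.src, a.sport), (a.dst, a.dport)]))
        s = sessions.setdefault(key, {
            "client": (a.src, a.sport),   # first alarm seen is the client's Con_Req
            "server": (a.dst, a.dport),
            "state": "unknown",
            "events": [],
        })
        s["events"].append(a.event)
        if a.event in ("Con_Req", "new session request"):
            s["state"] = "requested"
        elif a.event == "Con_Est":
            s["state"] = "established"
        elif a.event == "connection closed":
            s["state"] = "closed"
    return sessions


def half_open(sessions: Dict[SessionKey, dict]) -> List[SessionKey]:
    """Sessions requested but never established: the residue a TCP flood leaves in the log."""
    return [k for k, s in sessions.items() if s["state"] == "requested"]


if __name__ == "__main__":
    for key, s in track_sessions(SAMPLE_ALARMS).items():
        print(s["client"], "->", s["server"], s["state"], s["events"])
    print("half-open:", half_open(track_sessions(SAMPLE_ALARMS)))
```

Run against the manual's own lines the tracker yields two sessions, the Web session closed and the FTP session still established; a large number of entries left in the "requested" state by `half_open` over a short window is the signal to alert on for the flooding category listed above.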

The IP addresses cited in firewall alarms are selected as follows:

If a syslog server is configured, alarms will contain the XSR IP address that is used to
contact the syslog server.

If no syslog server is configured, alarms will contain the IP address of the first circuit. FE1
will be checked first, then FE2, then any WAN interface until an IP address is obtained.

If no interfaces have been configured with an IP address, the hostname will be used.

Authentication

AAA services provide secure access across the firewall at several levels: user, client and
session. This release supports only client authentication, which verifies a remote host by its
IP address. Every firewall policy rule whose action is allow-auth checks the source IP address
of the received packet against the auth cache before approving the session.

For the remote user, the XSR requires manual sign-on using Telnet to default port 3000 or another
configured port. The user is prompted for a user name and password, and those credentials are
checked with either an authenticating server (RADIUS) or local database on the XSR (see
Figure 16-12).
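The mechanism described above (a sign-on populates a cache keyed by source IP, and allow-auth rules consult that cache before permitting a session) is small enough to model end to end. The code below is an added example written for this page, not the XSR's implementation or Enterasys code: `Rule`, `AuthCache`, `evaluate` and the `LOCAL_USERS` table are names and data constructed here, the credential check stands in for the RADIUS or local-database lookup, and the cache entry lifetime is an assumption because the manual excerpt does not state how long an auth cache entry lives.

```python
import hmac
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass
class Rule:
    name: str
    src_net: str                 # source network the rule matches
    dst_port: Optional[int]      # None matches any destination port
    action: str                  # "allow", "allow-auth" or "deny"


# Constructed local user database standing in for the XSR's RADIUS or local-database check.
LOCAL_USERS = {"alice": "correct horse"}


def check_credentials(username: str, password: str, users=LOCAL_USERS) -> bool:
    expected = users.get(username)
    return expected is not None and hmac.compare_digest(expected, password)


class AuthCache:
    """Source-IP keyed cache filled by a successful sign-on (Telnet to port 3000 on the XSR).

    The entry lifetime is an assumption of this example, not something the manual states.
    """

    def __init__(self, lifetime: int = 600):
        self.lifetime = lifetime
        self._entries: Dict[str, Tuple[str, int]] = {}   # ip -> (username, expires_at)

    def sign_on(self, ip: str, username: str, password: str, now: int) -> bool:
        """Outcome of the Telnet sign-on: only a good credential creates a cache entry."""
        if not check_credentials(username, password):
            return False
        self._entries[ip] = (username, now + self.lifetime)
        return True

    def is_authenticated(self, ip: str, now: int) -> bool:
        entry = self._entries.get(ip)
        if entry is None:
            return False
        if now >= entry[1]:          # expired: drop it so the host must sign on again
            del self._entries[ip]
            return False
        return True


def evaluate(rules: List[Rule], cache: AuthCache, src_ip: str, dst_port: int, now: int) -> Tuple[str, str]:
    """First matching rule decides; allow-auth additionally requires src_ip in the auth cache."""
    addr = ip_address(src_ip)
    for r in rules:
        if addr in ip_network(r.src_net) and (r.dst_port is None or r.dst_port == dst_port):
            if r.action == "allow":
                return "permit", r.name
            if r.action == "allow-auth":
                if cache.is_authenticated(src_ip, now):
                    return "permit", r.name
                return "deny-unauthenticated", r.name
            return "deny", r.name
    return "deny", "default"


if __name__ == "__main__":
    policy = [
        Rule("web-auth", "10.10.10.0/24", 80, "allow-auth"),
        Rule("ftp-auth", "10.10.10.0/24", 21, "allow-auth"),
        Rule("deny-all", "0.0.0.0/0", None, "deny"),
    ]
    cache = AuthCache()
    print(evaluate(policy, cache, "10.10.10.10", 80, now=1000))   # denied, no sign-on yet
    cache.sign_on("10.10.10.10", "alice", "correct horse", now=1000)
    print(evaluate(policy, cache, "10.10.10.10", 80, now=1001))   # permitted
```

Two properties of client-level authentication fall out of the model and are worth keeping in mind when writing policy: one sign-on unlocks every allow-auth rule for that source address, and the cache binds to the address rather than the user, so any host that shares or later reuses that IP address (a NAT pool, for instance) inherits the entry until it expires.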

Figure 16-12 Authentication Process (diagram not reproduced; it shows the Telnet server, Firewall, DMZ, Internal Servers, Authentication server and Internet, with the exchange numbered in steps 1 to 4)
