Bay Networks Baystream 7 User Manual, Page 13

Security

The RAS typically provides access control, while subscriber authentication is provided by the Bay Networks TMS. When a user logs into the RAS, the login includes the domain name, which may also include the Dialed Number Identification String (DNIS). The TMS's first function is to check the domain name against the TMS database. The authentication process follows these steps, as shown in Figure 3:

1. User logs in with domain name.
2. RAS relays the login name, including domain name, to the TMS.
3. TMS checks its database for a domain name match.
4. TMS, upon authenticating the domain name, sends accept packet to the RAS.
5. RAS initiates the tunnel registration process, including all relevant parameters, with the gateway. The address is identified within the accept packet.

This type of security includes RADIUS and Access Control Protocol (ACP). ACP is a Bay Networks protocol that can provide native authentication services. Alternately, this type of security could be implemented via an interface to RADIUS authentication or accounting servers.
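
The five steps above, modeled as an added Python sketch (not taken from the white paper and not Bay Networks code). The `user@domain` login form, the accept/reject message fields, the per-domain DNIS rule and all sample data are assumptions made for illustration; the sketch covers only the domain check the steps describe, not credential verification via ACP or RADIUS.

```python
from dataclasses import dataclass, field

# Constructed TMS database: domain -> (gateway address, required DNIS or None).
# Domains, addresses (RFC 5737 range) and DNIS values are made up for this sketch.
TMS_DB = {
    "corp.example": ("192.0.2.10", None),
    "partner.example": ("192.0.2.20", "5551000"),
}

@dataclass
class Tms:
    db: dict
    audit: list = field(default_factory=list)  # audit trail of every decision

    def check(self, login, dnis=None):
        """Steps 3-4: match the domain, answer accept (with gateway) or reject."""
        user, sep, domain = login.rpartition("@")
        domain = domain.strip().lower()  # normalize before the database match
        if not sep or not user or not domain:
            return self._reject(login, "malformed login name")
        entry = self.db.get(domain)
        if entry is None:
            return self._reject(login, "unknown domain")
        gateway, required_dnis = entry
        if required_dnis is not None and dnis != required_dnis:
            return self._reject(login, "DNIS mismatch")
        self.audit.append(("accept", login, domain))
        return {"code": "accept", "domain": domain, "gateway": gateway}

    def _reject(self, login, reason):
        self.audit.append(("reject", login, reason))  # failed attempts are logged
        return {"code": "reject", "reason": reason}

def ras_login(tms, login, dnis=None):
    """Steps 1-2 and 5: relay the login to the TMS, then register the tunnel."""
    reply = tms.check(login, dnis)
    if reply["code"] != "accept":
        return None  # no tunnel registration without an accept packet
    # The gateway address comes only from the accept packet, never from the user.
    return {"register_with": reply["gateway"], "user": login}

def demo():
    tms = Tms(TMS_DB)
    results = [
        ras_login(tms, "alice@Corp.Example"),
        ras_login(tms, "bob@partner.example", dnis="5550000"),
        ras_login(tms, "mallory@unknown.example"),
    ]
    return results, tms.audit
```

Calling `demo()` returns the three login outcomes together with the audit entries the TMS recorded for them.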
Confidentiality

Bay Networks remote access platforms encrypt ACP authentication messages before sending them to the ACP server. The server decrypts the message, interprets it, and responds with another encrypted message.

Data encryption is a critical component of a VPN architecture. Phase I of BayStream Dial VPN Services also supports Layer 3 encryption, since it must route data using the information from the IP header. To provide the end-to-end encryption required by the Dial VPN service model, the remote client and the CPE must perform encryption and decryption, since neither the RAS nor the gateway currently includes these facilities. The RAS and gateway simply forward the encrypted data as if it were normal cleartext data.

As new techniques for encryption are integrated into the product line, and as protocols that provide built-in encryption services (such as IPSEC) are made available, they too will be considered an integral part of BayStream Dial VPN Services.
Audit Trail

Bay Networks TMS provides logs that give network operators a detailed picture of events that have taken place, or are taking place, within the network. As an aspect of security, audit logs can indicate such events as failed connection attempts or other attacks on network resources at the point of the attack.

TMS also provides logs indicating where and when:

1. New subscribers were entered.
2. Changes were made.
3. New circuits were created.
Network Management

Network Planning

Bay Networks provides detailed documentation for BayStream Dial VPN Services, where everything from the idiosyncrasies of configuring the CPE router to the ways in which remote clients obtain their IP addresses is described.

Element Configuration

Tools such as Bay Networks Site Manager, Quick2Config, and Annex Manager are used to configure Bay Networks equipment quickly and easily. They're designed to reduce both the amount of time it takes for technicians to learn how to install the equipment and the number of errors that technicians will make as they configure the equipment. The TMS is configured via an easy-to-use command line interface on a UNIX console.
Figure 3 BayStream Dial VPN Services Subscriber Authentication
12 White Paper Understanding and Implementing Dial VPN Services