
Ascend Customer Service

About This Guide

How to use this guide
What this guide does not contain
What you should know
Documentation conventions
Manual set

Chapter 1 Getting Started: Basic Security Measures

Introducing Security profiles
Understanding basic security measures
Activating the Full Access profile
Changing the Full Access password
Setting the Default profile for read-only access
Changing the SNMP read-write community string
Assigning a Telnet password
Requiring profiles for incoming connections
Turning off ICMP redirects
Specifying the number of retry attempts
Retrieving configuration updates from RADIUS

Chapter 2 Setting Up Security Profiles

Understanding Security profiles
Configuring a Security profile
Activating a Security profile
Using the Full Access profile

Chapter 3 Setting Up User Authentication

Introducing user authentication
Types of Authentication
CLID (Calling Line ID)
Called Number
Callback
Name and password
How does user authentication work?
Setting up CLID authentication
General guidelines
CLID authentication requirement options
Setting up authentication using a name, password, and calling line ID
Setting up authentication using a calling line ID only
Setting up called number authentication
Setting up called number authentication options
Setting up authentication using a name, password, and called number
Setting up authentication using the called number only
Setting up callback security
Ascend callback security
Microsoft's Callback Control Protocol (CBCP)
Ascend's implementation of CBCP
Negotiation of CBCP
Configuring Microsoft's CBCP to use a Connection Profile
Setting up call authentication via serial AIM ports
Understanding serial call authentication
Configuring serial port passwords
Setting up authentication of PPP, MP, and MP+ calls
Understanding PPP, MP, and MP+
Understanding PAP, CHAP, and MS-CHAP
How PAP works
How CHAP works
How MS-CHAP works
Configuring PAP, CHAP, or MS-CHAP for PPP, MP, and MP+ calls
Setting system-wide parameters
Setting Connection profile parameters
Setting Name/Password profile parameters
Disabling groups of dial-in calls with the Name/Password profile
Using a RADIUS user profile
Requesting PAP, CHAP, or MS-CHAP for outgoing calls
Setting up authentication for dial-in terminal server users
How terminal server authentication works
Standard terminal server authentication
Per-user terminal server authentication
Configuring terminal server authentication
Using an Answer or Connection profile as a template
Restricting Telnet, raw TCP, and Rlogin access to the terminal server
Setting up Combinet authentication
Understanding Combinet authentication
Setting system-wide parameters
Setting Connection profile parameters
Setting up a RADIUS user profile
Setting up ARA authentication
Understanding ARA authentication
Setting system-wide parameters
Setting Connection profile parameters
Setting Name/Password profile parameters
Preventing dial-in calls with the Name/Password profile
Using a RADIUS user profile
Using a SecurID server with AppleTalk Remote Access (ARA)
Setting up X.25 authentication
Setting up IP addressing
Specifying a static IP address
Assigning a dynamic IP address to a caller requesting one
Requiring that a caller accept an IP address from the MAX
Using Name/Password profiles to prevent IP address spoofing
Setting up an authentication server
Understanding authentication servers
Configuring the MAX to use a TACACS or TACACS+ server

Chapter 4 Defining Static Filters

Introduction to Ascend filters
How packet filters work
Data filters for dropping or forwarding certain packets
Overview of filter profiles
Filtering inbound and outbound packets
Specifying and activating an input or output filter
Defining generic filter conditions
Defining IP filter conditions
Defining IPX filter conditions
Specifying a data filter in a profile
Specifying a data filter for the WAN interface
Specifying a data filter for the local Ethernet interface
Sample filters
A sample IP filter to prevent address spoofing
A sample IP filter for more complex security issues

Chapter 5 Setting Up Security-Card Authentication

How security cards work
Security card authentication with RADIUS
Direct SecurID ACE authentication
Understanding security-card authentication methods
Setting up incoming security-card calls
Setting up outgoing security-card calls
Configuring the MAX to recognize the authentication server
Configuring the MAX to recognize the APP Server utility
Setting up a dial-out connection to a secure site
Requesting PAP-TOKEN authentication
Requesting CACHE-TOKEN authentication
Requesting PAP-TOKEN-CHAP authentication
Installing the APP Server utility
Getting the right version of the utility
Creating banner text for the password prompt
Installing the APP Server utility for DOS
Installing the APP Server utility for Windows 3.1
Installing the APP Server utility for Windows 95
Installing the APP Server utility for Windows NT
Installing the APP Server utility for UNIX
Dialing a connection to a secure site
Connecting to a remote network from the terminal server
Connecting to a remote network from a DOS workstation
Connecting to a remote network from a Windows workstation
Connecting to a remote network from a UNIX workstation
How the SecurID ACE/Server works without RADIUS
NextCode Mode
New PIN Mode
User-chosen PIN
Server-chosen PIN
Configuring direct SecurID ACE authentication
Configuring user shell settings on the ACE server
Shell string structure
Conventions
Examples of String Contents:
String errors
Configuring PAP-TOKEN-CHAP using direct ACE authentication
Configuring direct Defender server authentication
How Defender server authentication works
When no authentication host is available

Chapter 6 Setting Up User Authorization

Setting up terminal server security
Turning terminal server operation on or off
Sample prompts
Understanding how the third login prompt works
Restricting the use of terminal server commands and protocols
Configuring per-user access to terminal server commands
Dealing with unauthorized Telnet and terminal server sessions
Restricting access to the Immediate Modem feature
Understanding per-user Immediate Modem access restriction
Understanding password restriction for Immediate Modem
Configuring access to the Immediate Modem feature
Disconnecting a user's terminal server session
Displaying a list of active terminal server sessions
Killing an active terminal server session
Setting up SNMP security
Password-protecting SNMP
Configuring the SNMP manager to use SNMP authentication
Setting up SNMP traps
Restricting the hosts that can issue SNMP commands
Setting up DNS (Domain Name System)
Setting global DNS parameters
Sample DNS configuration
Setting connection-specific DNS parameters
Disabling remote management access
Password-protecting Telnet access
Understanding secure Dynamic Bandwidth Allocation

Index




techpubs@eng.ascend.com

Copyright © 1998, Ascend Communications, Inc. All rights reserved.