- Ascend Customer Service
About This Guide
- How to use this guide
- What this guide does not contain
- What you should know
- Documentation conventions
- Manual set
Chapter 1 Getting Started: Basic Security Measures
- Introducing Security profiles
- Understanding basic security measures
- Activating the Full Access profile
- Changing the Full Access password
- Setting the Default profile for read-only access
- Changing the SNMP read-write community string
- Assigning a Telnet password
- Requiring profiles for incoming connections
- Turning off ICMP redirects
- Specifying the number of retry attempts
- Retrieving configuration updates from RADIUS
Chapter 2 Setting Up Security Profiles
- Understanding Security profiles
- Configuring a Security profile
- Activating a Security profile
- Using the Full Access profile
Chapter 3 Setting Up User Authentication
- Introducing user authentication
- Types of Authentication
- CLID (Calling Line ID)
- Called Number
- Callback
- Name and password
- How does user authentication work?
- Setting up CLID authentication
- General guidelines
- CLID authentication requirement options
- Setting up authentication using a name, password, and calling line ID
- Setting up authentication using a calling line ID only
- Setting up called number authentication
- Setting up called number authentication options
- Setting up authentication using a name, password, and called number
- Setting up authentication using the called number only
- Setting up callback security
- Ascend callback security
- Microsoft's Callback Control Protocol (CBCP)
- Ascend's implementation of CBCP
- Negotiation of CBCP
- Configuring Microsoft's CBCP to use a Connection Profile
- Setting up call authentication via serial AIM ports
- Understanding serial call authentication
- Configuring serial port passwords
- Setting up authentication of PPP, MP, and MP+ calls
- Understanding PPP, MP, and MP+
- Understanding PAP, CHAP, and MS-CHAP
- How PAP works
- How CHAP works
- How MS-CHAP works
- Configuring PAP, CHAP, or MS-CHAP for PPP, MP, and MP+ calls
- Setting system-wide parameters
- Setting Connection profile parameters
- Setting Name/Password profile parameters
- Disabling groups of dial-in calls with the Name/Password profile
- Using a RADIUS user profile
- Requesting PAP, CHAP, or MS-CHAP for outgoing calls
- Setting up authentication for dial-in terminal server users
- How terminal server authentication works
- Standard terminal server authentication
- Per-user terminal server authentication
- Configuring terminal server authentication
- Using an Answer or Connection profile as a template
- Restricting Telnet, raw TCP, and Rlogin access to the terminal server
- Setting up Combinet authentication
- Understanding Combinet authentication
- Setting system-wide parameters
- Setting Connection profile parameters
- Setting up a RADIUS user profile
- Setting up ARA authentication
- Understanding ARA authentication
- Setting system-wide parameters
- Setting Connection profile parameters
- Setting Name/Password profile parameters
- Preventing dial-in calls with the Name/Password profile
- Using a RADIUS user profile
- Using a SecurID server with AppleTalk Remote Access (ARA)
- Setting up X.25 authentication
- Setting up IP addressing
- Specifying a static IP address
- Assigning a dynamic IP address to a caller requesting one
- Requiring that a caller accept an IP address from the MAX
- Using Name/Password profiles to prevent IP address spoofing
- Setting up an authentication server
- Understanding authentication servers
- Configuring the MAX to use a TACACS or TACACS+ server
Chapter 4 Defining Static Filters
- Introduction to Ascend filters
- How packet filters work
- Data filters for dropping or forwarding certain packets
- Overview of filter profiles
- Filtering inbound and outbound packets
- Specifying and activating an input or output filter
- Defining generic filter conditions
- Defining IP filter conditions
- Defining IPX filter conditions
- Specifying a data filter in a profile
- Specifying a data filter for the WAN interface
- Specifying a data filter for the local Ethernet interface
- Sample filters
- A sample IP filter to prevent address spoofing
- A sample IP filter for more complex security issues
Chapter 5 Setting Up Security-Card Authentication
- How security cards work
- Security card authentication with RADIUS
- Direct SecurID ACE authentication
- Understanding security-card authentication methods
- Setting up incoming security-card calls
- Setting up outgoing security-card calls
- Configuring the MAX to recognize the authentication server
- Configuring the MAX to recognize the APP Server utility
- Setting up a dial-out connection to a secure site
- Requesting PAP-TOKEN authentication
- Requesting CACHE-TOKEN authentication
- Requesting PAP-TOKEN-CHAP authentication
- Installing the APP Server utility
- Getting the right version of the utility
- Creating banner text for the password prompt
- Installing the APP Server utility for DOS
- Installing the APP Server utility for Windows 3.1
- Installing the APP Server utility for Windows 95
- Installing the APP Server utility for Windows NT
- Installing the APP Server utility for UNIX
- Dialing a connection to a secure site
- Connecting to a remote network from the terminal server
- Connecting to a remote network from a DOS workstation
- Connecting to a remote network from a Windows workstation
- Connecting to a remote network from a UNIX workstation
- How the SecurID ACE/Server works without RADIUS
- NextCode Mode
- New PIN Mode
- User-chosen PIN
- Server-chosen PIN
- Configuring direct SecurID ACE authentication
- Configuring user shell settings on the ACE server
- Shell string structure
- Conventions
- Examples of String Contents:
- String errors
- Configuring PAP-TOKEN-CHAP using direct ACE authentication
- Configuring direct Defender server authentication
- How Defender server authentication works
- When no authentication host is available
Chapter 6 Setting Up User Authorization
- Setting up terminal server security
- Turning terminal server operation on or off
- Sample prompts
- Understanding how the third login prompt works
- Restricting the use of terminal server commands and protocols
- Configuring per-user access to terminal server commands
- Dealing with unauthorized Telnet and terminal server sessions
- Restricting access to the Immediate Modem feature
- Understanding per-user Immediate Modem access restriction
- Understanding password restriction for Immediate Modem
- Configuring access to the Immediate Modem feature
- Disconnecting a user's terminal server session
- Displaying a list of active terminal server sessions
- Killing an active terminal server session
- Setting up SNMP security
- Password-protecting SNMP
- Configuring the SNMP manager to use SNMP authentication
- Setting up SNMP traps
- Restricting the hosts that can issue SNMP commands
- Setting up DNS (Domain Name System)
- Setting global DNS parameters
- Sample DNS configuration
- Setting connection-specific DNS parameters
- Disabling remote management access
- Password-protecting Telnet access
- Understanding secure Dynamic Bandwidth Allocation
Index
techpubs@eng.ascend.com
Copyright © 1998, Ascend Communications, Inc. All rights reserved.