SECURITY OVERVIEW

OVERVIEW

Security is an important issue to consider when you are setting up a network. The CyberSWITCH provides several security options, and this chapter describes the “Big Picture” of how these options work and interoperate. This information will better equip you to proceed with the following phases of security configuration:

1. configuring the level of security
2. configuring system options and information
3. configuring device level databases
4. configuring user level databases
5. configuring off-node server information
6. configuring network login information

These phases of security configuration are described in detail in the following chapters.

SECURITY LEVEL

The first phase of security configuration is selecting the type of security for your network. The CyberSWITCH offers the following options for Network Security: no security, device level security, user level security, or device and user level security.

If you opt to use no security, for example with a bridged network, no further security configuration is required. No database is needed for this option.

Device level security is an authentication process between internetworking devices. Authentication happens automatically without any human intervention. The devices authenticate each other using a specific authentication protocol, based on preconfigured information. Both bridges and routers support device level security.

If you select device level security for your network, you may specify the on-node database, VRA Manager, or RADIUS as the authentication database.

User level security is an authentication process between a specific user and a device. In contrast to device level security, this authentication process is performed interactively. Interactive user security may use security token cards. Token cards are credit card-sized devices. The system supports a security token card called SecurID, provided by Security Dynamics.

The SecurID card works on a “passcode” concept, which consists of three factors:

• the user’s name
• the user’s password
• a dynamically-generated value (from the SecurID card)

If you select user level security for your network, you may specify RADIUS (with limited capabilities), TACACS, or ACE server as the authentication database.