Small Office Remote Access Switch
THE CYBERSWITCH

SECURITY OVERVIEW

The system provides several options for validating remote devices and for managing network security. The security options available are dependent on the remote device type, type of access, and the level of security required.

Levels of security include no security, device level security, user level security, and multi-level security. Device level security is an authentication process between devices, based on protocol and preconfigured information. Security information is configured either in the system's On-node Device Database, or in a central database such as the VRA Manager. Here the network administrator specifies all of the security information for each individual user. A portion of this information is used to identify the remote device. The remaining data is used to perform user validation after user identification has been completed.

User level security is an interactive process. It is currently supported on the system through the TACACS or ACE server programmed for use with security token cards. With user level security, the potential network user explicitly connects to the server and must properly "converse" with it in order to connect with other devices beyond the server.

Important to user level authentication is the security token card. This card, programmed in conjunction with the authentication server, generates random passwords. These passwords must be supplied correctly at system login time, or access to the network will be denied. The security token cards should be issued to each user on the network to properly maintain system integrity.

Multi-level security provides device level security for all remote devices. Individual devices may be configured for user level authentication as well. In this case, device level authentication takes place between the system and the remote device. Then a specific user must initiate user level authentication by starting a Telnet session. Both levels of authentication must be satisfied before traffic can pass.

NETWORK INTERFACE OVERVIEW

The network interface is the physical connection of the CyberSWITCH to a data network. For example, the Ethernet resource in the system provides a network interface to an Ethernet LAN. The ISDN lines in the system provide network interfaces to multiple remote networks. Because of their switched nature, the ISDN lines provide virtual network interfaces. That is, the same physical ISDN line can actually connect to different remote networks by dialing a different phone number.

The CyberSWITCH provides a set of network interfaces that give you a wide range of flexibility. The network interfaces provided by the system are:

• LAN IP Network Interface
• LAN IPX Network Interface
• WAN IP Network Interface
• WAN (Direct Host) IP Network Interface
• WAN RLAN IP Network Interface
• WAN RLAN IPX Network Interface
• WAN (UnNumbered) Network Interface