Web OS 10.0 Application Guide
Chapter 5: Secure Switch Management
101212777-A, February 2002

Secure Switch Management

Secure switch management is needed for environments that perform significant management functions across the Internet. The following are some of the functions for secured management:

- Authentication of remote administrators
  Authentication is the action of determining and verifying who the administrator is; it usually involves a name and a password. The password can be either a fixed password or a challenge-response query.

- Authorization of remote administrators
  Once an administrator has been authenticated, authorization is the action of determining what that user is allowed to do. Authorization does not merely provide yes or no answers but may also customize the service for a particular administrator.

- Encryption of management information exchanged between the remote administrator and the switch
  Examples of protocols to encrypt management information are SSH (Secure Shell) and SCP (Secure Copy).

Authentication and Authorization

NOTE – While authentication and authorization (AA) protocols and servers are designed to authenticate remote dial-up users (in addition to authorizing remote access capabilities to users), this overview is focused on using the AA model to authenticate and authorize remote administrators for managing a switch.

The AA model is based on a client/server model. The Remote Access Server (RAS)—the switch—is a client to the back-end database server. A remote user (the remote administrator) interacts only with the RAS, not the back-end server and database.

Two prominent AA protocols used to control dial-up access into networks are Cisco’s TACACS+ (Terminal Access Controller Access Control System) and Livingston Enterprises’ RADIUS (Remote Authentication Dial-In User Service). Web OS supports only the RADIUS authentication method.
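
The AA exchange described above, as an added example that is not taken from the Web OS guide or the switch's own code: the switch builds a RADIUS Access-Request (packet layout and password hiding per RFC 2865), the back-end server answers, and the switch grants access only on an authentic Access-Accept. The function names, shared secret and user table are constructed for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # RFC 2865 attribute types

def _xor_blocks(data, secret, req_auth, hiding):
    # RFC 2865 5.2: block i is XORed with MD5(secret + previous ciphertext block)
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        res = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        prev = res if hiding else block
        out += res
    return out

def hide_password(password, secret, req_auth):
    size = max(1, -(-len(password) // 16)) * 16          # pad to 16-byte blocks
    return _xor_blocks(password.ljust(size, b"\0"), secret, req_auth, True)

def unhide_password(hidden, secret, req_auth):
    return _xor_blocks(hidden, secret, req_auth, False).rstrip(b"\0")

def build_request(ident, user, password, secret):
    """Switch (RAS) side: Access-Request carrying the administrator's credentials."""
    req_auth = os.urandom(16)                            # fresh per request
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in
                     ((USER_NAME, user), (USER_PASSWORD, hide_password(password, secret, req_auth))))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def server_reply(request, secret, users):
    """Back-end side: look the administrator up and answer Accept or Reject."""
    _, ident, length = struct.unpack("!BBH", request[:4])
    req_auth, attrs, pos = request[4:20], {}, 20
    while pos + 2 <= min(length, len(request)):
        t, alen = request[pos], request[pos + 1]
        if alen < 2:
            raise ValueError("malformed attribute")
        attrs[t] = request[pos + 2:pos + alen]
        pos += alen
    given = unhide_password(attrs.get(USER_PASSWORD, b""), secret, req_auth)
    stored = users.get(attrs.get(USER_NAME))
    ok = stored is not None and hmac.compare_digest(stored, given)
    head = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return head + hashlib.md5(head + req_auth + secret).digest()

def admin_allowed(reply, request, secret):
    """Switch side: fail closed unless the reply is an authentic Access-Accept."""
    if len(reply) < 20 or reply[1] != request[1]:
        return False
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(reply[4:20], expected) and reply[0] == ACCESS_ACCEPT
```

The administrator never talks to the back-end server; the only thing binding the server's answer to the switch's request is the shared secret, so a reply whose Response Authenticator does not verify is treated as a rejection.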