Identity and Access Control Deployment

Figure 10-15 illustrates examples of where authentication can take place in the Cisco Enterprise Architectures, including the following locations:

■ Dialup access points, where any subject can establish a dialup connection to the network; authentication is necessary to distinguish between trusted and untrusted subjects.

■ WAN and VPN infrastructures, where network devices authenticate each other on WAN or VPN links, thereby mitigating the risk of infrastructure compromise or misconfiguration. WAN peer authentication usually involves PPP mechanisms and routing protocol authentication. In a VPN, authentication is embedded in the VPN security protocols—most often IPsec and Internet Key Exchange (IKE).

■ LAN access, where a network device (switch) authenticates the user, typically with IEEE 802.1X, before allowing access to the switched network.

■ Wireless access, where only an authenticated user can establish an association with a wireless AP using IEEE 802.1X.

■ Firewall authentication, where users must prove their identity when entering a critical network that is protected by a firewall.

Figure 10-15 Trust and Identity Management (figure not reproduced; panels: Enterprise Campus, Enterprise Edge)

NOTE Secure Shell (SSH) supports secure Telnet access between applications and router resources.

Authentication validation should be deployed as close to the network edge as possible, with strong authentication required for access from external and untrusted networks.

Access controls to enforce policy are deployed at various locations:

■ Source-specific rules (to any destination) should be applied as close to the source as possible.

■ Destination-specific rules (from any source) should be applied as close to the destination as possible.

■ Mixed rules, using combinations of specific sources and destinations, should be applied as close to the source as possible.

The principle of least privilege should be followed. Under this principle, each subject is given only the minimal rights (access permissions) necessary to perform its tasks. For example, if a user needs to access a particular web server, the firewall should allow that user to access only the specified web server. In reality, however, enterprises often introduce lenient rules that allow subjects greater access than they require, which can result in deliberate or accidental confidentiality and integrity breaches. Highly distributed rules afford greater granularity and overall performance scalability at the cost of management complexity. Centralized rules provide easier management at the cost of scalability.
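As an added illustration (not from the book), the following Python snippet applies the three placement rules above and the least-privilege check to a small policy: it classifies each permit as source-specific, destination-specific or mixed, picks the enforcement point the text recommends, and flags permits whose destination is wider than the source's documented need. The rule names, addresses and the `REQUIRED` baseline are constructed assumptions.

```python
from collections import namedtuple
from ipaddress import ip_network

ANY = ip_network("0.0.0.0/0")  # "any" in a permit rule covers the whole IPv4 space
Rule = namedtuple("Rule", "name src dst")  # a permit entry; src/dst are CIDR or "any"

def _net(spec):
    return ANY if spec == "any" else ip_network(spec, strict=False)

def classify(rule):
    """Source-specific, destination-specific, mixed or unrestricted (any to any)."""
    src_any, dst_any = _net(rule.src) == ANY, _net(rule.dst) == ANY
    if src_any and dst_any:
        return "unrestricted"
    if dst_any:
        return "source-specific"
    return "destination-specific" if src_any else "mixed"

# Where each class is enforced, following the placement guidance in the text.
PLACEMENT = {
    "source-specific": "source edge",
    "destination-specific": "destination edge",
    "mixed": "source edge",
    "unrestricted": "none: an any-to-any permit defeats least privilege",
}

def place(rule):
    return PLACEMENT[classify(rule)]

def is_lenient(rule, required_dsts):
    """True when the permitted destination is wider than every destination the
    source legitimately needs (a /24 where a /32 suffices); no baseline -> False."""
    if required_dsts is None:
        return False
    dst = _net(rule.dst)
    return not any(dst.subnet_of(_net(r)) for r in required_dsts)

def audit(rules, required):
    """(name, enforcement point, lenient?) per rule; `required` maps a source
    CIDR to the destinations it has a documented need to reach."""
    return [(r.name, place(r), is_lenient(r, required.get(r.src))) for r in rules]

# Constructed sample policy and documented needs (not from the book).
POLICY = [
    Rule("sales-out", "10.1.10.0/24", "any"),
    Rule("web-in", "any", "192.0.2.10/32"),
    Rule("hr-payroll", "10.1.20.0/24", "192.0.2.20/32"),
    Rule("hr-dmz-all", "10.1.20.0/24", "192.0.2.0/24"),  # wider than needed
]
REQUIRED = {"10.1.20.0/24": ["192.0.2.20/32"]}
```

Running `audit(POLICY, REQUIRED)` places the two HR permits at the source edge and the web permit at the destination edge, and flags only `hr-dmz-all` as lenient, since the /24 exceeds the single payroll host HR actually needs.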

The principle of defense in depth should also be followed. This principle suggests that security mechanisms should be fault-tolerant; that is, a security mechanism should have a backup security mechanism. This is also called the belt-and-suspenders approach—both the belt and suspenders are used to ensure that the trousers stay up. An example includes using a dedicated firewall to limit access to a resource and then using a packet-filtering router to add another line of defense.
