authentication
... effective password policy, and by setting guidelines for remote
location authentication and the use of authentication devices
(e.g., one-time passwords and the devices that generate them).
...
... routine traffic can be diverted to a compromised system to be
monitored; or, users can be tricked into providing authentication
secrets. An organization should create well known, protected sites
...
... Authentication/Proxy Servers (SOCKS, FWTK) ...
... a point-to-point manner. However, FTP requires authentication while
TFTP requires none. For this reason, TFTP ...
... be clear that: the security server should not be accessible from
off-site; should offer minimum access, except for the authentication
function, to users on-site; and should not be co-located with any
...
... access control lists to
protocols, requiring users or systems to provide some level of
authentication before access is granted. Smarter proxy servers,
sometimes called Application Layer ...
... Authentication ...
... these passwords were used by users at terminals to authenticate
themselves to a central computer. At the time, there were no
networks ...
... S/Key), PGP, and token-based authentication devices, people are using
password-like strings as secret tokens ...
... tokens and pins are not properly selected and protected, the
authentication will be easily subverted.
...
...
Several authentication techniques have been developed that address
this problem. Among these techniques are challenge-response ...
... Kerberos is a distributed network security system which provides for
authentication across unsecured networks. If requested by the
application, integrity and encryption ...
... after properly communicating with the KDC. These tickets are used
for authentication between principals. All tickets include a time
stamp which limits the time period for which the ticket is valid ...
... Password/account blocking - Some sites find it useful to disable
accounts after a predefined number of failed attempts to
authenticate. If your site decides to employ this mechanism, it
is recommended that the mechanism not "advertise" itself. After
disabling, even if the correct password ...
... Authorization refers to the process of granting privileges to
processes and, ultimately, users. This differs from authentication
in that authentication is the process used to identify a user. Once
identified (reliably), the privileges, rights, property, and
...
...
A walk-up host should be authenticated before its user is permitted
to access resources on your network. As an alternative, it may be
...
... User Groups whenever this is possible. Technologies which provide
authentication and/or encryption (such as IPv6) are evolving rapidly;
...
... Dial-in Users Must Be Authenticated ...
... dial-in point (e.g., a single large
modem pool) so that all users are authenticated in the same way.
...
... Some dial-in servers offer call-back facilities (i.e., the user dials
in and is authenticated, then the system disconnects the call and
calls back on a specified number). Call-back is useful since if
someone were to guess a username ...
... phone numbers or make other changes); use the data for informational
purposes only, not for authentication.
...
... Dial-out Authentication ...
...
Dial-out users should also be authenticated, particularly since your
site will have to pay their telephone charges.
...
... dial-out from an unauthenticated dial-in call, and
consider whether you will allow it from an authenticated one. The
goal here is to prevent callers using your modem ...
... S. Bellovin, and M. Merritt, "Limitations of the Kerberos Authentication System", Computer Communications Review, October 1990. ...
