Check Point Firewall-1 Authentication
Check Point FireWall-1 and VPN-1 Gateways provide customers, including remote users and telecommuters, with secure, authenticated access to enterprise resources using multiple authentication schemes. User authentication services securely validate that the users attempting to make a connection are who they say they are before the communication is allowed to proceed. Modifications to local servers or client applications are not required. Authentication services are fully integrated into the enterprise-wide security policy and can be centrally managed through the graphical user interface. All authentication sessions can be monitored and tracked through the Log Viewer.
FireWall-1 and VPN-1 Gateways provide three authentication methods:
- User Authentication
- Client Authentication
- Transparent Session Authentication
1. User Authentication
FireWall-1 and VPN-1 Gateways include transparent User Authentication providing access privileges on a per user basis for FTP, Telnet, HTTP, and RLOGIN connections, regardless of the user's IP address. If a local user is temporarily away from the office and logging in from a different host, the security administrator may define a rule that allows that user to work on the local network without extending access to all users on the same host.
3. Transparent Session Authentication
Transparent Session Authentication can be used to authenticate users of any service or application on a per-session basis. After the user initiates a connection directly to the desired server, the FireWall-1 or VPN-1 Gateway, located between the user and the destination, intercepts the connection, recognizes that it requires user-level authentication, and initiates a connection with a Session Authentication Agent running on the client. The Session Authentication Agent performs the required authentication, after which the FireWall-1 or VPN-1 Gateway allows the connection to continue to the requested server if permitted by the security policy. All authentication schemes (e.g. SecurID token cards, RADIUS-based solutions, static passwords) are supported.
Check Point recognizes that organizations may have specific user authentication requirements. To meet these varied needs, FireWall-1 and VPN-1 Gateways support the widest range of user authentication methods in the industry, including:
- RADIUS (v1.0 and v2.0) - The user is challenged for a response, as defined by the RADIUS server.
- TACACS/TACACS+ - The user is challenged for a response, as defined by the TACACS/TACACS+ server.
- S/Key - The user is challenged to enter the value of the requested S/Key iteration.
- OS Password - The user is challenged to enter his or her OS password.
- Internal Firewall Password - The user is challenged to enter his or her internal FireWall-1 or VPN-1 Gateway password.
- Axent - The user is challenged for the response, as defined by the Axent Defender server.
- SecurID - The user is challenged to enter the number displayed on the Security Dynamics SecurID token card.
- X.509 Digital Certificates - The user authenticates themselves by presenting their digital certificate issued by a trusted Certificate Authority.