Installation and Setup Guide
Chapter 3 - Getting Started32
7.3 HTTP Authentication
Authentication enables the following:
Ensures that only requests from bona-fide users are handled/processed.
Enables the allocation of different policies to different users and/or groups by matching
authentication data to user identifiers in the system.
Ensures that all logged transactions are attributed to the corresponding user.
In order to implement group, or user-based policies, some form of authentication is clearly
required (e.g. NTLM). This means that a network path must be enabled between Vital
Security and an LDAP server so that it can originate LDAP queries to the LDAP server.
Via the Management Console’s Main Navigation Settings tab, select Defaults
HTTP
Authentication in order to configure the Vital Security appliance.
Vital Security can also allow another downstream HTTP proxy to perform the authentication,
in which case:
A downstream proxy needs to be configured to append headers containing user and group
information to requests.
Vital Security should be configured so that it can recognize the specific headers used by
the downstream proxy.
Vital Security can also pass these headers on to the next proxy or alternatively remove
them before submitting the request over the Internet.
8 Working with ICAP
ICAP stands for Internet Content Adaptation Protocol. ICAP is used in conjunction with
caching proxies such as Network Appliance NetCache or BlueCoat Proxy SG. ICAP
configurations typically require significant tuning to maximize the benefits.
For more information about ICAP, go to www.I-cap.org
8.1 Why work with ICAP?
One of the reasons is that if you are working with a caching proxy that supports the ICAP
protocol, you can achieve significant performance benefits from configuring Vital Security as
an ICAP server rather than an HTTP proxy. This is because only the relevant (potentially
dangerous) traffic is submitted for scanning. For example, gif files go straight through without
being scanned.
To Next Page
Loading...
Need help?
General
