© 2011 Fujitsu Technology Solutions
2.1.5 Security Feature
SSL
Secure Socket Layer (SSL) is an application-level protocol that enables secure transactions of data
through privacy, authentication, and data integrity. It relies upon certificates and public and private keys.
SSL version 3 and TLS version 1 are currently supported.
SSH
Secure Shell (SSH) is a protocol that provides a secure, remote connection to an Ethernet Connection
Blade Module. SSH version 1 and version 2 are currently supported. The SSH server feature enables an
SSH client to establish a secure, encrypted connection with an Ethernet Connection Blade Module. This
connection provides functionality that is similar to an inbound telnet connection. SSH uses RSA Public
Key cryptography for Ethernet Connection Blade Module connections and authentication.
Port Based Authentication (802.1x)
Port-based authentication authenticates system users on a per-port basis via an external
server. Only authenticated and approved system users can transmit and receive data. Ports are
authenticated via the Remote Authentication Dial In User Service (RADIUS) server using the Extensible
Authentication Protocol (EAP).
RADIUS Client
RADIUS is a client/server-based protocol. A RADIUS server maintains a user database, which contains
per-user authentication information, such as user name, password and accounting information. For more
information, see "Configuring RADIUS Global Parameters".
TACACS+ Client
TACACS+ provides centralized security for validation of users accessing the Ethernet Connection Blade
Module. TACACS+ provides a centralized user management system, while still retaining consistency
with RADIUS and other authentication processes.
LDAP Client
The Lightweight Directory Access Protocol, or LDAP, is an application protocol for querying and
modifying directory services running over TCP/IP. A directory is a set of objects with similar attributes
organized in a logical and hierarchical manner. The most common example is the telephone directory,
which consists of a series of names (either of persons or organizations) organized alphabetically, with
each name having an address and phone number attached. Due to this basic design (among other
factors), LDAP is often used by other services for authentication. In the Ethernet Connection Blade,
LDAP is used for user authentication.
Denial of Service Enhancements
A denial-of-service attack is an attempt to make a computer's resources unavailable to its intended users.
The Ethernet Connection Blade uses these enhancements to prevent its resources from becoming
unavailable to its intended users.