2
• Authorization—Grants user rights and controls user access to resources and services. For
example, a user who has successfully logged in to the device can be granted read and print
permissions to the files on the device.
• Accounting—Records all network service usage information, including the service type, start
time, and traffic. The accounting function provides information required for charging, and allows
for user behavior auditing.
AAA can be implemented through multiple protocols, such as RADIUS and HWTACACS, among
which RADIUS is most often used.
PKI
PKI uses a general security infrastructure to provide information security through public key
technologies. PKI employs the digital certificate mechanism to manage the public keys. The digital
certificate mechanism binds public keys to their owners, helping distribute public keys in large
networks securely. With digital certificates, the PKI system provides network communication,
e-commerce, and e-Government with security services.
The PKI system of Hewlett Packard Enterprise provides digital certificate management for IPsec and
SSL.
Access security
802.1X
802.1X is a port-based network access control protocol for securing wireless LANs (WLANs), and it
has also been widely used on Ethernet networks for access control. 802.1X controls network access
by authenticating the devices connected to 802.1X-enabled LAN ports.
MAC authentication
MAC authentication controls network access by authenticating source MAC addresses on a port. It
does not require client software and users do not need to enter a username and password for
network access. The device initiates a MAC authentication process when it detects an unknown
source MAC address on a MAC authentication enabled port. If the MAC address passes
authentication, the user can access authorized network resources.
Port security
Port security combines and extends 802.1X and MAC authentication to provide MAC-based network
access control. It applies to networks that require different authentication methods for different users
on a port, such as a WLAN. Port security prevents unauthorized access to a network by checking the
source MAC address of inbound traffic and prevents access to unauthorized devices by checking the
destination MAC address of outbound traffic.
Portal authentication
Portal authentication, also called "Web authentication," controls user access at the access layer and
other data entrance that needs protection. It does not require client software to authenticate users.
Users only need to enter a username and a password on the webpage for authentication.
With portal authentication, an access device redirects all unauthenticated users to a specific
webpage, and users can freely access resources on the webpage. However, to access other
resources on the Internet, a user must pass portal authentication on the portal authentication page.
Data security
Managing public keys
Public key configuration enables you to manage the local asymmetric key pairs (such as creating
and destroying a local asymmetric key pair, displaying or exporting the local host public key), and
configure the peer host public keys on the local device.
To Next Page
Loading...
Need help?
General
