Explanation: Session Authentication

Session authentication is the third and final option for user-based authentication through a VPN-1/FireWall-1 enforcement module. Like client authentication, it is an out-of-band mechanism: the credential exchange happens on a separate channel rather than inside the connection being authorized. It is designed to address both the flexibility limitation of user authentication and the security weakness of client authentication.

User authentication, as you learned, applies only to HTTP, FTP, TELNET, and RLOGIN, so it cannot be used for any other service. Its advantage is that access is granted per connection: a second user on the same host cannot reuse the first user's authentication, because each new connection must be authenticated again. Client authentication can protect any service, but it grants access per host (per IP address): once a user has authenticated from a host, any number of connections from that host are allowed, regardless of which user on the host opens them.

Session authentication combines the two strengths, per-connection authentication for any service, which would make it the obvious choice for authenticating access to services other than HTTP, FTP, TELNET, and RLOGIN. Its one drawback is that it requires a custom application on every client host that will use it. This application, written by Check Point, is the session authentication agent; it performs the out-of-band authentication for each connection (session) that an enforcement module requires to be authenticated.
When the session authentication agent is installed and running, it listens on TCP port 261 on the client host. An enforcement module that needs to authenticate a connection for session authentication opens a connection back to the agent on that port and obtains the user's authentication information from it. Because the enforcement module initiates this connection, it must be able to reach the client host on TCP port 261; if it cannot, the connection being authenticated cannot be authorized.
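The following is an added example, not code from Check Point or from the original text. It is a small model of the two policies described above, written to show why per-host (client) authentication lets a second user ride on the first user's login while per-connection (session) authentication does not. The class and function names, the sample hosts and the credential store are all constructed for the example; the agent here is an in-process stand-in for the agent the gateway would contact on TCP port 261, and the model does not implement the real agent's wire protocol.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed credential store standing in for the gateway's user database.
USER_DB = {"alice": "alice-pw"}


@dataclass(frozen=True)
class Connection:
    """One TCP connection crossing the enforcement module."""
    src_ip: str
    dst: str          # "host:port" of the protected service, e.g. "10.1.1.10:1433"
    local_user: str   # who on the client host opened it; the gateway never sees this


class SessionAuthAgent:
    """Stand-in for the agent running on a client host.

    In the real product the gateway connects to the agent on TCP 261 and the
    agent prompts the interactive user; here prompt() returns whatever that
    user would have typed (hypothetical data keyed by local account name).
    """

    def __init__(self, typed_credentials: Dict[str, Tuple[str, str]]):
        self._typed = typed_credentials
        self.prompts = 0  # how many out-of-band prompts the gateway triggered

    def prompt(self, local_user: str) -> Optional[Tuple[str, str]]:
        self.prompts += 1
        return self._typed.get(local_user)


def check_password(username: str, password: str) -> bool:
    return USER_DB.get(username) == password


class ClientAuthGateway:
    """Client authentication: one successful login opens the whole host (IP)."""

    def __init__(self):
        self.authenticated_hosts = set()

    def login(self, src_ip: str, username: str, password: str) -> bool:
        if check_password(username, password):
            self.authenticated_hosts.add(src_ip)
            return True
        return False

    def allow(self, conn: Connection) -> bool:
        # Per-host decision: any user on an authenticated host gets through.
        return conn.src_ip in self.authenticated_hosts


class SessionAuthGateway:
    """Session authentication: every connection triggers a fresh exchange with the agent."""

    def __init__(self, agents: Dict[str, SessionAuthAgent]):
        # src_ip -> agent; looking one up models connecting back to that host on TCP 261.
        self._agents = agents

    def allow(self, conn: Connection) -> bool:
        agent = self._agents.get(conn.src_ip)
        if agent is None:
            return False  # no agent reachable on the client: cannot authenticate, so deny
        creds = agent.prompt(conn.local_user)
        if creds is None:
            return False  # user cancelled or supplied nothing
        return check_password(*creds)  # no per-host state is kept after the decision


def demo() -> dict:
    host = "10.0.0.5"  # constructed: one workstation shared by two users
    agent = SessionAuthAgent({"alice": ("alice", "alice-pw"), "bob": ("bob", "guess")})
    alice_conn = Connection(host, "10.1.1.10:1433", "alice")
    bob_conn = Connection(host, "10.1.1.10:1433", "bob")

    client_gw = ClientAuthGateway()
    client_gw.login(host, "alice", "alice-pw")  # alice authenticates once, in band
    session_gw = SessionAuthGateway({host: agent})

    return {
        "client_auth": {"alice": client_gw.allow(alice_conn), "bob": client_gw.allow(bob_conn)},
        "session_auth": {"alice": session_gw.allow(alice_conn), "bob": session_gw.allow(bob_conn)},
        "session_auth_no_agent": session_gw.allow(Connection("10.0.0.6", "10.1.1.10:1433", "carol")),
        "agent_prompts": agent.prompts,
    }


if __name__ == "__main__":
    print(demo())
```

With client authentication, bob's connection is allowed purely because it comes from an IP address alice already authenticated from; with session authentication the gateway prompts the agent for each connection, so bob must present his own valid credentials and is refused when he cannot. The third case shows the cost the text mentions: a host with no agent reachable cannot be authenticated at all.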