Explanation: Client Authentication

Check Point VPN-1/FireWall-1 provides two other authentication methods, which provide authentication for any service. The first of these is client authentication, which provides authentication for any service by using out-of-band authentication rather than in-band authentication (which is used for user authentication). With user authentication, all authentication is performed within the HTTP, FTP, TELNET, or RLOGIN connection on the client host; this means that authentication is performed in-band, as part of the application-layer protocol. With client authentication, a user on a client host must first establish a separate connection to the enforcement module and authenticate, after which the client can establish a connection using the services permitted in the client authentication rule on the enforcement module. The authentication is totally separate from the actual application-layer protocols that the user is accessing, hence the term out-of-band.

The out-of-band connections to the enforcement module can be established using either of the following mechanisms:

HTTP: You can point your web browser to Port 900 on the enforcement module, which provides a connection to the HTTP security server for client authentication purposes. A special web page is presented, which allows you to specify your username and password, after which you can choose to gain access to all services permitted in the client authentication rule, or to specific hosts and services on each.

TELNET: You can establish a TELNET connection to Port 259 on the enforcement module, which provides a connection to the TELNET security server for client authentication purposes. You specify your username and password, after which you can choose to gain access to all services permitted in the client authentication rule, or to specific hosts and services on each.
Once a user has successfully authenticated, access to the hosts and services specified by the client authentication rule (or to the hosts and services selected by the user during the authentication process) is provided. It is important to note that it is the IP address of the host that is permitted, meaning that one or more users on the host can establish as many connections to permitted hosts and services as they like. For example, if a user called alice on a PC with an IP address of 192.168.1.10 performs client authentication successfully, another user could use Alice's PC and be permitted access through the enforcement module, even though the access is intended for alice. This is less secure than user authentication, where access is granted on a per-connection basis. With client authentication, although authentication is performed on a user basis, access is actually granted on a per-IP-address basis.
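The following is an added toy model of the decision logic described above, written for this page; it is not Check Point code and does not reflect the product's internal data structures. It keeps a per-source-IP grant table for client authentication (sign-on to port 900 or 259, the ports the text names) and contrasts it with user authentication, where credentials are checked on every connection. The credential store, the rule contents, the 900-second grant timeout and the hosts and services are constructed for the example; the point it demonstrates is the one in the text: once alice signs on from 192.168.1.10, any connection from that address is permitted for the rule's services, whoever is at the keyboard.

```python
import hmac
from dataclasses import dataclass, field

# Constructed credential store for this example (not a real FireWall-1 user database).
USERS = {"alice": "alice-pw"}

# Client-auth sign-on ports named in the text: 900 (HTTP security server), 259 (TELNET security server).
CLIENT_AUTH_PORTS = {900, 259}


def check_password(user, password):
    stored = USERS.get(user)
    return stored is not None and hmac.compare_digest(stored, password)


@dataclass
class ClientAuthRule:
    """Which users may sign on, and which (dst_host, service) pairs the rule permits."""
    users: set
    allowed: set            # set of (dst_host, service) tuples
    timeout: int = 900      # seconds a grant stays valid; constructed value, not a product default


@dataclass
class EnforcementModule:
    rule: ClientAuthRule
    grants: dict = field(default_factory=dict)   # src_ip -> (user, expiry, allowed pairs)

    def client_auth(self, src_ip, dst_port, user, password, now, requested=None):
        """Out-of-band sign-on. On success the *source IP address* is granted access."""
        if dst_port not in CLIENT_AUTH_PORTS:
            return False
        if user not in self.rule.users or not check_password(user, password):
            return False
        # The user may narrow the grant to specific hosts/services, never widen it beyond the rule.
        allowed = self.rule.allowed if requested is None else requested & self.rule.allowed
        self.grants[src_ip] = (user, now + self.rule.timeout, allowed)
        return True

    def permit_client_auth(self, src_ip, dst_host, service, now):
        """Decision for a later data connection: only the source IP is consulted, not the person."""
        grant = self.grants.get(src_ip)
        if grant is None:
            return False
        _user, expiry, allowed = grant
        if now > expiry:
            del self.grants[src_ip]
            return False
        return (dst_host, service) in allowed

    def permit_user_auth(self, user, password, dst_host, service):
        """User authentication, by contrast: credentials are checked in-band on every connection."""
        if user not in self.rule.users or not check_password(user, password):
            return False
        return (dst_host, service) in self.rule.allowed


def demo():
    """Walk through the alice / shared-PC scenario from the text and return each decision."""
    rule = ClientAuthRule(users={"alice"}, allowed={("10.0.0.5", "ssh"), ("10.0.0.5", "smtp")})
    fw = EnforcementModule(rule)
    pc = "192.168.1.10"     # alice's PC, as in the text
    t0 = 0
    r = {}
    r["before_auth"] = fw.permit_client_auth(pc, "10.0.0.5", "ssh", t0)
    r["alice_signs_on"] = fw.client_auth(pc, 900, "alice", "alice-pw", t0)
    r["alice_ssh"] = fw.permit_client_auth(pc, "10.0.0.5", "ssh", t0 + 10)
    # A second person at the same PC: the module cannot tell them apart from alice.
    r["other_person_same_pc"] = fw.permit_client_auth(pc, "10.0.0.5", "ssh", t0 + 20)
    # The same person under user authentication must present valid credentials themselves.
    r["other_person_user_auth"] = fw.permit_user_auth("bob", "bob-pw", "10.0.0.5", "ssh")
    r["service_not_in_rule"] = fw.permit_client_auth(pc, "10.0.0.5", "telnet", t0 + 30)
    r["different_host"] = fw.permit_client_auth("192.168.1.11", "10.0.0.5", "ssh", t0 + 30)
    r["after_timeout"] = fw.permit_client_auth(pc, "10.0.0.5", "ssh", t0 + rule.timeout + 1)
    return r


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:24s} {decision}")
```

The `other_person_same_pc` entry is the weakness the text describes: the grant is keyed on the source address, so the mitigation side is a short grant timeout and, where per-person accountability matters, user authentication instead. The `requested` parameter models the sign-on option of choosing specific hosts and services; it is intersected with the rule so a user cannot obtain more than the rule allows.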