Check Point Certified Security Administrator NG, Management I 

Author: Jonnik
Subject: Q237
Written 18 May 2008 18:07
Explanation:
1. VPN-1 & FireWall-1 Password
The simplest authentication scheme provided on VPN-1/FireWall-1 is the VPN-1 & FireWall-1 Password scheme. This scheme relies on a unique username and password to authenticate users, which are stored in the users database in a user object that represents each user. The users database is stored on the management server and is installed to each enforcement module by the management server. A username can be up to 100 characters in length and can use any alphanumeric character. The password must be between four and eight characters.

The figure below shows how the VPN-1 & FireWall-1 Password scheme works. In the figure below, the master VPN-1/FireWall-1 users database resides on the management server. Each enforcement module also maintains a local copy of the users database, which is installed from the management server master database. The user authentication database allows each enforcement module to authenticate users locally, without having to pass the authentication request back to the master users database on the management server. This increases the performance and responsiveness of the enforcement module when authenticating.

OS Password
The OS Password authentication scheme stands for operating system password, which, as you might guess, allows VPN-1/FireWall-1 enforcement modules to use the local operating system users database for authentication. This scheme relies on a unique username and password to authenticate users, which are stored in the operating system users database on each enforcement module. For example, on Windows NT-based VPN-1/FireWall-1 enforcement modules, the Security Account Management (SAM) database represents the operating system users database.

The figure below shows how the OS Password scheme works. In the figure below, notice that user objects still exist in the VPN-1/FireWall-1 master users database on the management server, which is downloaded to the enforcement module to allow local authentication. User objects are not configured with a password; instead, the authentication scheme is configured as OS Password. When a user connects and specifies a username that matches a user object configured with OS Password, the enforcement module passes the username and password to the local operating system for authentication against the operating system authentication database. The passwords for each user must be configured at the operating system level, as all passwords reside in the operating system authentication database.

It is highly recommended you not use the OS Password authentication scheme for two reasons. The first and most important reason is that you are providing users with the local account information of enforcement modules. If a username and password are intercepted, it could give the eavesdropper account credentials to gain access to the enforcement module operating system. Clearly this is a major security risk for your enforcement modules.

The second reason is that in an environment with multiple enforcement modules, if you want a user to authenticate against each enforcement module with the same username and password, you must ensure the OS password for the user is the same on each enforcement module. This is another security risk and introduces administrative overheads, as you must explicitly synchronize each enforcement module every time a password change occurs.

