IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Hardware & Software Remarks
____________________________________________________________________ .........................................
- The authentication server verifies the user data and passes the results of the
validation process to the logon process.
- If the user has been successfully authenticated, access is now granted to the
(access) network.
Through the use of central authentication servers it is possible to ensure on the
one hand that the authentication data is consistently administered and on the
other hand that better authentication mechanisms can be used than are
supported as standard by the operating systems. In particular, smart card and
token-based mechanisms should be mentioned here. Depending on the system,
these generate, for example, one-time passwords which are shown on a
display and which the user must specify as password.
For medium-sized and large networks the use of authentication servers is
especially recommended in the RAS area as these offer a significantly higher
degree of security during user authentication. However, it should be noted that
these servers also have to be administered and maintained. An authentication
server must be positioned in the network in such a way that performance is
good while at the same time protection is provided against unauthorised
accesses.
Additional controls:
- Is the external authentication system supported by the operating system and
the RAS system?
- Does the RAS client software allow use of a smart card reader for smart
card-based authentication systems?
- What security mechanisms are offered by the external authentication
system?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000