Understanding PIX cut-through proxy against Cisco Secure AAA server? Help, please?

From: Regan Van Der Hoven (Regan.vanderhoven@xxxxxxxxxxxxx)
Date: Tue Oct 03 2000 - 05:23:50 GMT-3


We are doing some work for our clients regarding a pix firewall using
inbound aaa authentication and aaa authorization onto an ACS 2.3 Unix box.

From my understanding, a user could, for example, authenticate via, say,
"telnet", but be authorized to use only, say, "http". This would mean that
once authenticated their telnet session would be closed, and they would be
allowed to access the authorized device(s) via http. This means that the
firewall can only track their IP address as being secure between when the
user is authenticated and when they are authorized for a different (port), i.e.
service. This seems like a security hole and, without (layer 2) encryption,
would leave the PIX open to IP spoofing and session hijacking.

I have looked everywhere, but no one seems to know exactly how this proxy
authentication works, or how the user is tracked as being (authenticated)
between the AAA authentication and authorization phases.

If you have any information regarding this could you please let me know.

Thanks in advance...

Regards,

Regan

Email regan.vanderhoven@nscglobal.com
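The scenario the post describes, modelled as an added example that is not part of the original message and not Cisco's PIX code: a per-source-IP authentication cache with an absolute and an inactivity timeout. The cache semantics, the `UauthCache` and `FakeClock` names, the service set `{"http"}`, and the 10.1.1.x addresses are all constructed for the illustration. Running `scenario()` shows the two properties at issue: any new connection from the authenticated IP inherits the entry (the cache has nothing but the source address to go on), and the timeouts are what bound that window.

```python
import time


class AuthEntry:
    """One cached authentication, keyed (by the cache) on source IP only."""

    def __init__(self, user, services, now):
        self.user = user
        self.services = frozenset(services)  # services the AAA server authorized
        self.created = now                   # for the absolute timeout
        self.last_seen = now                 # for the inactivity timeout


class UauthCache:
    """Per-source-IP authentication cache with absolute and inactivity timeouts.

    Illustration only (assumed semantics, not PIX's actual implementation):
    once a host has authenticated, traffic from that IP inherits the entry
    until it times out. A packet carries no proof of who sent it, which is
    the weakness the post raises; the timeouts bound the exposure window.
    """

    def __init__(self, absolute_timeout, inactivity_timeout, clock=time.monotonic):
        self.absolute_timeout = absolute_timeout
        self.inactivity_timeout = inactivity_timeout
        self.clock = clock
        self.entries = {}  # src_ip -> AuthEntry

    def authenticate(self, src_ip, user, services):
        # In the post's scenario the user logs in over telnet, the AAA server
        # authorizes only "http", and the telnet session is then closed; all
        # the firewall keeps afterwards is this entry.
        self.entries[src_ip] = AuthEntry(user, services, self.clock())

    def check(self, src_ip, service):
        """Return (allowed, reason) for a new connection from src_ip to service."""
        now = self.clock()
        entry = self.entries.get(src_ip)
        if entry is None:
            return False, "no authenticated user for this source IP"
        if now - entry.created > self.absolute_timeout:
            del self.entries[src_ip]
            return False, "absolute timeout expired; reauthentication required"
        if now - entry.last_seen > self.inactivity_timeout:
            del self.entries[src_ip]
            return False, "inactivity timeout expired; reauthentication required"
        if service not in entry.services:
            return False, f"user {entry.user} not authorized for {service}"
        entry.last_seen = now
        return True, f"user {entry.user} authorized for {service}"


class FakeClock:
    """Controllable clock so the timeouts can be exercised without waiting."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def scenario():
    """Replay the post's scenario; returns the (allowed, reason) decisions in order."""
    clock = FakeClock()
    cache = UauthCache(absolute_timeout=300, inactivity_timeout=60, clock=clock)
    # Constructed sample addresses, not real hosts.
    cache.authenticate("10.1.1.5", "regan", {"http"})  # authenticated over telnet
    results = []
    results.append(cache.check("10.1.1.5", "http"))    # authorized service: passes
    results.append(cache.check("10.1.1.5", "telnet"))  # not authorized: blocked
    results.append(cache.check("10.1.1.6", "http"))    # different host: blocked
    # The cache cannot tell a forged source address from the real host, so a
    # second connection from "10.1.1.5" passes on the address alone; this is
    # the exposure the post describes, and only the timeouts limit it.
    results.append(cache.check("10.1.1.5", "http"))
    clock.advance(61)                                  # idle past the inactivity timeout
    results.append(cache.check("10.1.1.5", "http"))    # entry dropped, must reauthenticate
    return results


if __name__ == "__main__":
    for allowed, reason in scenario():
        print("ALLOW" if allowed else "DENY ", "-", reason)
```

The timeout values here are made up; on a PIX the equivalent knob is the `timeout uauth` command with its absolute and inactivity variants, and shortening those values is the main configuration-side way to narrow the window during which a cached entry is trusted on the strength of the source address alone.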



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:23 GMT-3