Title :
Policy-based authentication and authorization: secure access to the network infrastructure
Author_Institution :
Alcatel IND, USA
Abstract :
A gaping hole in many of today's networks is the weak security surrounding the network devices themselves: the routers, the switches and the access servers. In all public networks and in some private networks, the network devices are shared virtually among different user communities. Access to the configuration schemes and command lines is most often an "all or nothing" proposition: the network administrator gets either read-only privileges or read/write privileges. In this case, authentication equals authorization. Herein lies the problem. Security policies may mandate that certain administrators have read-only capabilities for all device parameters and read/write capabilities for a certain subset of commands. Each administrator may have a unique access profile. Authentication verifies identity; authorization verifies privileges. This paper addresses the value of using a centralized, provisioned management structure that disseminates network policies and administration privileges to all the devices that make up the network infrastructure.
Keywords :
authorisation; computer network management; message authentication; telecommunication security; access profile; access servers; administration privilege dissemination; centralized provisioned management structure; command lines; configuration schemes; device parameters; identity verification; network administration; network device security; network infrastructure; network policy dissemination; policy-based authentication; policy-based authorization; private networks; privilege verification; public networks; read-only privileges; read/write privileges; routers; secure access; security policies; switches; user communities; virtually shared network devices; Access control; Authentication; Authorization; Data security; File servers; IP networks; Mission critical systems; Network operating systems; Network servers; Switches;
Conference_Title :
Computer Security Applications, 2000. ACSAC '00. 16th Annual Conference
Conference_Location :
New Orleans, LA
Print_ISBN :
0-7695-0859-6
DOI :
10.1109/ACSAC.2000.898887