Virtual Private Networks: Making the Right Connection
By Dennis Fowler
Chapter 6: User Authentication, Authorization, and Key Management
Overview
Encryption is only as effective as the system that controls access to the keys. In a VPN, as in almost any network, a security system has essentially two stages. The first is authenticating the user: making sure that whoever is logging on is who he claims to be and has a right to enter. Once the user has been authenticated, there's the issue of exchanging and managing the keys that users need in order to communicate within the limits of their permissions (authorization). Creating and managing the keys has to be done in a way that protects them from being stolen or tampered with and ensures they reach only a user whose identity has been authenticated.
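The two stages described above can be made concrete in a small model of a gateway handshake. The following is an added illustration, not code from the book: the credential store, the authorization table, the HMAC challenge-response scheme and the key-derivation labels are all constructed for this example. It shows the gateway authenticating a user before any session key exists, both sides deriving that key locally so it never crosses the wire, the challenge being consumed so a captured response cannot be replayed, and the authorization table being consulted separately from authentication.

```python
"""Two-stage VPN access control: authenticate first, then derive a session key
that only an authenticated user can hold, and check authorization before any
traffic is admitted. Constructed example; not the book's code."""
import hashlib
import hmac
import secrets

# Constructed long-term user secrets (a real gateway would hold these in a
# directory or token server rather than in the gateway itself).
CREDENTIALS = {
    "alice": b"constructed-long-term-secret-alice",
    "bob": b"constructed-long-term-secret-bob",
}

# Constructed authorization table: which internal networks each user may reach.
AUTHORIZATIONS = {
    "alice": {"10.1.0.0/16", "10.2.0.0/16"},
    "bob": {"10.2.0.0/16"},
}


def prf(secret, label, *parts):
    """Keyed PRF with domain separation: the label keeps the authentication
    response and the session key from ever being the same value."""
    return hmac.new(secret, label + b"".join(parts), hashlib.sha256).digest()


class Gateway:
    """The VPN gateway that guards the front door."""

    def __init__(self):
        self.pending = {}   # username -> outstanding challenge
        self.sessions = {}  # username -> session key, filled only after stage 1

    def start(self, username):
        """Stage 1a: hand the client a fresh random challenge. A challenge is
        issued whether or not the user exists, so this step leaks nothing."""
        challenge = secrets.token_bytes(16)
        self.pending[username] = challenge
        return challenge

    def finish(self, username, client_nonce, response):
        """Stage 1b: verify the response. The challenge is consumed here, so a
        replayed response can never authenticate a second time. Stage 2 (the
        session key) exists only when this check passes."""
        challenge = self.pending.pop(username, None)
        secret = CREDENTIALS.get(username)
        if challenge is None or secret is None:
            return False
        expected = prf(secret, b"auth-response", challenge, client_nonce)
        if not hmac.compare_digest(expected, response):
            return False
        # Stage 2: both sides derive the key from the long-term secret and the
        # two nonces; the key itself never crosses the wire.
        self.sessions[username] = prf(secret, b"session-key", challenge, client_nonce)
        return True

    def authorize(self, username, destination):
        """Permission check: an authenticated session AND an entry in the
        authorization table are both required."""
        return (username in self.sessions
                and destination in AUTHORIZATIONS.get(username, set()))


class Client:
    """A remote user who knows (or claims to know) a long-term secret."""

    def __init__(self, username, secret):
        self.username = username
        self.secret = secret
        self.session_key = None

    def respond(self, challenge):
        nonce = secrets.token_bytes(16)
        response = prf(self.secret, b"auth-response", challenge, nonce)
        # The client derives its copy of the key optimistically; it matches
        # the gateway's copy only if the secret was right.
        self.session_key = prf(self.secret, b"session-key", challenge, nonce)
        return nonce, response


def handshake(gateway, client):
    """Run the full exchange: challenge out, nonce and response back, verdict."""
    challenge = gateway.start(client.username)
    nonce, response = client.respond(challenge)
    return gateway.finish(client.username, nonce, response)


if __name__ == "__main__":
    gw = Gateway()
    alice = Client("alice", CREDENTIALS["alice"])
    print("alice authenticated:", handshake(gw, alice))
    print("keys match:", gw.sessions["alice"] == alice.session_key)
    print("alice -> 10.1.0.0/16:", gw.authorize("alice", "10.1.0.0/16"))
    impostor = Client("bob", b"guessed-secret")
    print("impostor as bob:", handshake(gw, impostor))
    print("bob -> 10.2.0.0/16:", gw.authorize("bob", "10.2.0.0/16"))
```

The point of the structure is the ordering: `Gateway.sessions` is written only inside `finish`, after the response has been verified, so there is no code path that hands a key to an unauthenticated party, and `authorize` refuses anyone without a session even if the authorization table lists them.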
In this chapter we'll look first at who guards the front door and how users are authenticated. Once we've covered that layer, we'll move on to the key management systems themselves. This is where we get into encryption key management, which, as we'll find, involves more than simply exchanging keys. The entire issue of key management, encryption and message authentication (hashing and signatures), and protocol negotiation must be addressed carefully.
6.1 User Authentication
It may seem strange to begin a chapter on key management with a discussion of user authentication, but one of the greatest challenges a VPN administrator faces is making sure the right person and only the right person is getting the right keys. To do that, the key...
Copyright Morgan Kaufmann Publishers, Inc. 1999 under license agreement with Books24x7