--> By implementing authentication on Cisco WSA, we can do the following:
i) Track employee user activity.
ii) Implement policies using users and groups rather than IP addresses.
iii) Integrate easily with the existing authentication infrastructure.
--> When authentication is enabled, Cisco WSA authenticates the user before granting access to the network.
--> The only requirement is to create an authentication realm before enabling authentication.
--> An authentication realm is a set of servers that support either NTLM or LDAP.
--> Cisco WSA mainly supports two authentication protocols: LDAP and NTLM.
1) LDAP: Cisco WSA supports both LDAP and LDAPS, using a bind query.
2) NTLM: NTLM is a Windows proprietary protocol that supports two types of authentication mechanisms:
i) Basic: Asks for the username/password every time the user opens the web browser.
ii) NTLM SSP: The web browser does not ask for the username/password when the client opens it. It uses a three-way handshake, and the password is never sent across the connection.
--> Client authentication works differently depending on the mode configured for the WSA:
1) Explicit Mode:
--> Whenever the client tries to access the Internet, the WSA explicitly sends an HTTP 407 response with a "Proxy Authentication Required" status.
--> The client enters the username/password and sends it to the WSA.
--> The WSA validates the credentials and, depending on the result, access is allowed or denied.
2) Transparent Mode:
--> Whenever the client tries to access the Internet, the WSA sends an HTTP 401 response with an "Authorization Required" status message.
--> The client enters the username/password and sends it to the WSA.
--> The WSA validates the credentials and, depending on the result, access is allowed or denied.
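The following added example (not from the original post and not Cisco code) classifies an authentication challenge as explicit (407) or transparent (401) and lists the schemes it offers. It also shows why Basic differs from NTLM SSP on the wire: a Basic credential is only base64-encoded. The sample responses, realm name and credentials are constructed; the header names are the standard HTTP ones, which the post does not spell out.

```python
import base64

# Constructed sample responses (assumed shape, not captured from a real WSA).
EXPLICIT = (
    "HTTP/1.1 407 Proxy Authentication Required\r\n"
    "Proxy-Authenticate: NTLM\r\n"
    "Proxy-Authenticate: Basic realm=\"example-realm\"\r\n"
    "Content-Length: 0\r\n\r\n"
)
TRANSPARENT = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "WWW-Authenticate: Basic realm=\"example-realm\"\r\n"
    "Content-Length: 0\r\n\r\n"
)

# status code -> (WSA mode, challenge header, header the client replies with)
CHALLENGES = {
    407: ("explicit", "proxy-authenticate", "Proxy-Authorization"),
    401: ("transparent", "www-authenticate", "Authorization"),
}

def classify_challenge(raw):
    """Return mode, offered schemes and reply header for an auth challenge."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = head[0].split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError("not an HTTP response")
    status = int(parts[1])
    if status not in CHALLENGES:
        return {"mode": None, "schemes": [], "reply_header": None}
    mode, challenge_header, reply_header = CHALLENGES[status]
    schemes = []
    for line in head[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == challenge_header and value.strip():
            schemes.append(value.split()[0].upper())
    return {"mode": mode, "schemes": schemes, "reply_header": reply_header}

def decode_basic(header_value):
    """Recover (user, password) from a Basic credential: it is only base64."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password

if __name__ == "__main__":
    for sample in (EXPLICIT, TRANSPARENT):
        print(classify_challenge(sample))
    print(decode_basic("Basic " + base64.b64encode(b"alice:example-pass").decode()))
```

Because the Basic value decodes directly to the username and password, anyone who can read the connection can recover them.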