advertisement
Using Novell Security Manager
Authentication Methods: Select the authentication method in the selection field. In order to give you access to Novell Security Manager through the configurations tool WebAdmin after the installation, the authentication method Local Users has already been defined here and the respective
User hase been entered in the Allowed Users selection menu.
Further available authentication methods are NT/2000/XP Server,
RADIUS Database and LDAP Server.
Local Users are administered in the Definitions/Users menu.
Allowed Users: By default this is set to the user admin.
Local users are defined in the Definitions/Users menu.
Log Access Network Traffic: All connections to the WebAdmin configuration tool are logged to the Packet Filter Logs as Accept rule. The
Packet Filter Logs can be found in the Local Logs/Browse menu. By default, this function is disabled.
Enable this function by clicking on the Enable button (status light on green).
Block Password Guessing
This function can be used to limit the number of attempts to log in to the WebAdmin configuration tool. After a specific number of attempts, the access from this IP address will be denied for a given time span.
Configuring the Blocking Protection for Login Attempts:
1. In the System tab, open the WebAdmin Settings menu.
2. Make the following settings:
After failed Attempts: Select the maximum allowable number of attempts in the drop-down menu.
Block IP for Period: Enter the time span for the blocking protection in the entry field.
3. Save your changes by clicking Save.
Now, the blocking protection is enabled. The Never block Networks window, allows you to exclude networks or hosts from the blocking protection.
4.1.9. WebAdmin Site Certificate
Encryption systems are an important part of many modern security devices. They are used, for example, when transmitting confidential infor-
72
Using Novell Security Manager mation over Virtual Private Networks (in chapter 4.7 on page 220), in
User Authentication and Up2Date Service or, to securely administer
Novell Security Manager over the network.
Certificates and Certificate Authorities (CA) are an essential part of modern cryptographic protocols, and help close the gaps left open by other systems. Public Key Algorithms offer a particularly elegant form of encryption. They do, however, presuppose that the public keys of all communications partners are known.
At this point, a third, trusted party is used to ensure the validity of public keys. The third party issues certificates guaranteeing the authenticity of these keys: this third party is called a Certificate Authority (CA). A certificate is a record in a standardized format with the owner’s most important data - his name, and his public key - and is signed with the private key of the CA. The format for these certificates is defined in the
X.509 standard.
In a certificate, the CA certifies, with its own signature, that the public key belongs to the person (or entity) it says it does. As the certificate contains information such as the name of the owner, duration of validity, issuing authority, and the signature of the CA, it can be seen as a kind of digital passport.
The WebAdmin Site Certificate menu allows you to create two certificates: first a CA certificate, which will be installed in your browser, and second the server certificate (signed by the CA certificate) which the system uses to authenticate itself to your browser. These two certificates contain the company’s data and the system’s hostname.
Creating a Certificate for WebAdmin:
1. Under the System tab, open the WebAdmin Site Certificate menu.
2. In the Certificate Information menu, enter the appropriate information for your firm.
Country: Choose your country from the drop-down menu.
State: Choose the state or region where you are.
City: Enter the name of city.
Organization: Enter the company’s name.
Section: Enter the department.
E-Mail Address: Enter your e-mail address.
3. In the field Firewall Hostname, enter the host name or IP address of
Novell Security Manager you use to access WebAdmin.
73
advertisement
