16th Annual Computer Security Applications Conference
December 11-15, 2000
New Orleans, Louisiana
Policy-based Authentication and Authorization: Secure Access to the Network Infrastructure
Jeff Hayes
Alcatel IND
USA
This paper addresses the value of using centralized policies
to disseminate network administration privileges throughout the network
infrastructure. A gaping security hole in many of today's networks is
the weak security surrounding the network devices themselves--the
routers, the switches, the access servers... In all public networks and
in some private networks, the network devices are shared virtually among
different user communities. Access to the configuration schemes and
command lines is most often an 'all or nothing' proposition--the network
administrator gets either read-only privileges or read/write privileges.
In this case, authentication equals authorization. Herein lies the
problem. Security
policies may mandate certain administrators have read-only capabilities
for all device parameters and read/write capabilities for only a certain
subset of commands. Other administrators may have a different access
profile. Authentication verifies identity. Authorization verifies
privileges.