Conyac で依頼された翻訳結果を公開

Authentication Servers

Firewall and proxy servers can perform some kinds of user authentication functions. It can also consider the use of a central database, known as "authentication server" to centrally store all the necessary information for authenticating and authorising users such as user passwords and access privileges. In addition, these authentication servers can support stronger authentication schemes such as the use of tokens and smart cards, which may not be able to be supported by proxies.

For example, Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) are common schemes used for remote authentication. Referring to Figure 2, an authentication server can be used to authenticate remote dial-in users before they are granted access rights to the network.
• The information stored in the authentication database should be encrypted and be well protected from unauthorised access or modification.
• A single dedicated machine, which is securely protected, should be used.
• The server should be properly configured to log administrative transactions, usage accounting information and authentication transactions such as failed login attempts.
• If more than one authentication servers are used for resilience, make sure that the information stored in the authentication databases is propagated to all other replicas.

• System log files should be reviewed periodically to detect any unauthorised account creation or privilege modification.

FIREWALLS

A firewall can be considered as a security measure for protecting an organisation's resources against intruders. It is an important component of a security infrastructure. It should be reminded that the design and setup of a firewall requires thorough understanding about the firewall features, functions, capabilities and limitations as well as the threats and vulnerabilities associated with the Internet.