Security Manager can provide a complete solution for adding devices to a protected 802.1x network,
as it can not only remediate the 802.1x settings but also install the necessary certificates. The
process used to set up devices may differ from one customer site to another, though. Some sites
may opt to use a “staging area” to configure devices before they join the protected network. Other
sites may provide temporary access to the protected network, for example via “whitelisting”, until
the devices can be successfully configured to join via PEAP or EAP-TLS. In some situations, a single
installation of Security Manager can configure devices for 802.1x and install the necessary certificates;
in others, two installations of Security Manager may be required to perform the same actions. It
depends on how the network is set up and whether Security Manager will have access to both the
devices and the CA server.
IEEE 802.1X Port Access Control is a generic framework that allows infrastructure devices to control
an end-node’s access to the network. The end-node device must authenticate itself to the network
before the local switch will grant it access to the network. The end-node device has a valid link to the
switch, but the only frames the switch will forward from the end-node to the network are 802.1X
Extensible Authentication Protocol (EAP) frames.
Multiple protocols have been developed under the EAP framework. All HP Jetdirect products
supporting 802.1X also support Protected EAP (PEAP). Many HP Jetdirect products also support
EAP-Transport Layer Security (EAP-TLS). These two EAP methods are the most popular for wired
802.1X deployments.
Both protocols run SSL/TLS inside EAP to authenticate the Authentication Server and set up a secure
tunnel. A cornerstone of trust in SSL/TLS is the digital certificate. For both PEAP and EAP-TLS,
the Authentication Server sends a digital certificate which the supplicant attempts to validate.
After a series of checks, the supplicant must establish that the digital certificate was issued by a
trusted authority. If it passes that test, the SSL/TLS tunnel can be established.
At this point, PEAP and EAP-TLS diverge. PEAP uses the tunnel to securely pass credentials via another
protocol, typically a username and password, to the Authentication Server while EAP-TLS uses a client
digital certificate for authentication.
PEAP can be referred to as the “password” implementation of 802.1x, as it requires an 802.1x
username and password to authenticate onto the 802.1x network, plus a CA certificate so that the
supplicant can trust the Certificate Authority that issued the RADIUS server’s certificate.
EAP-TLS can be referred to as the “certificate” implementation of 802.1x, as it requires both a CA
certificate and an identity certificate to authenticate onto the 802.1x network. It does not use an
802.1x username or password to authenticate; however, the device itself still requires a username
and password in order to enable 802.1x.
By default, Jetdirect sets the hostname of the device as the 802.1x username. If for some reason
the 802.1x username is blank on the device, and the 802.1x username in the Security Manager policy
is also blank, Security Manager will recognize during remediation that the device value is blank and
will set the device hostname as the 802.1x username, since one is required on the device. This
keeps the 802.1x username unique on each device, if that is desired. Alternatively, you could enter
an 802.1x username into the Security Manager policy, in which case that same username would be
set on all devices during remediation.
If the 802.1x Password is blank on the device, during remediation Security Manager will set whatever
is entered in the policy as 802.1x Password on the device. The 802.1x Password cannot be read
from the device nor is there a technique whereby Security Manager could test a known password
against what is set on the device. Therefore, if there is an existing 802.1x Password on the device,
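The username and password remediation rules described in the two paragraphs above, written out as a small decision model. This is an added example for this page, not HP Security Manager code; the field names, the `Plan` type, and the choice to leave an existing device username untouched when the policy username is blank are assumptions.

```python
"""Model of the 802.1x username/password remediation rules described above.

Illustrative example written for this page, not HP Security Manager code.
The device and policy records are constructed dicts; field names are assumed.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Plan:
    """What a remediation pass would write to the device (None = leave as-is)."""
    username: Optional[str] = None
    password: Optional[str] = None
    notes: List[str] = field(default_factory=list)


def plan_remediation(device: dict, policy: dict) -> Plan:
    """Decide the 802.1x username/password actions for one device.

    device: {"hostname": str, "username": str, "password_set": bool}
            ("password_set" models that only the presence of a password,
             never its value, is observable on the device)
    policy: {"username": str, "password": str}
    """
    plan = Plan()

    # Username: a value is mandatory on the device.
    if policy["username"]:
        # A policy username is applied to every device (not unique per device).
        plan.username = policy["username"]
    elif not device["username"]:
        # Device and policy both blank: fall back to the Jetdirect default,
        # the device hostname, which keeps the username unique per device.
        plan.username = device["hostname"]
        plan.notes.append("username blank on device and in policy; using hostname")
    # Assumption: policy blank but device set -> leave the device value alone.

    # Password: cannot be read back from the device, and there is no way to
    # test a candidate password against the one already set.
    if not device["password_set"]:
        plan.password = policy["password"]
    else:
        plan.notes.append("device already has a password; it cannot be read or verified")
    return plan
```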