Introduction

• Steps to determine the authentication requirements:

1. Refer to the enterprise security plan to determine the security requirements for the user and enterprise.

2. According to the user and enterprise requirements, identify and analyse the authentication options.

3. Select the authentication and authorisation processes that are most appropriate for the requirements of the user and the enterprise.

• Steps to configure the authentication software or tools:

4. Create an authentication realm, and reuse it as required to protect different areas of the server.

5. In accordance with the business needs, add the users and authorisation rules to the new realm.

6. Describe the user attributes and the user attribute set-up.

7. On the appropriate server, set up an authentication filter and authorisation parameters, in accordance with the business requirements.

• Steps to apply the authentication methods to the server:

8. As required, develop or obtain the authentication protocols.

9. According to the business need, develop and distribute the related methods to users.

10. Brief the user on the authentication system, including their responsibilities, according to the enterprise security plan.

11. Apply the authentication system to the network and user, according to the system product requirements.

12. In a secure and central location, record and store the permission and configuration information.

• Steps to monitor and test the authentication system:

13. Review and test the authentication system in accordance with user and enterprise security, and the quality of the service requirements.

14. Use incident management and reporting processes to ensure ongoing security monitoring, according to the enterprise security plan.

15. If required, adjust the authentication system to ensure that the authentication solutions are current.

• Discussions

16. The problems and challenges encountered throughout your dealings with organisational authentication issues, including resource accounting through authentication.

17. The function and the operation of the authentication controls used.

18. Any authentication adaptors, biometric authentication adaptors or digital certificates, such as VeriSign, X.509, and SSL used throughout the task.

19. The principles of security tokens.

20. Any of the following common VPN issues encountered:

a. Quality of service considerations.

b. Bandwidth.

c. Dynamic security environment.

d. Function and operation of VPN concepts.