Security Server Configuration
The Client Security tab specifies the Security parameters associated with the Client TCP Port on which Security Server is listening for client connections. This is the "client" side of the secure connection. In other words, connections between the Security Server and the BlueZone emulation client will be secure.
Security ---
Client Security Level ---
The Client Security Level radio buttons set the Secure Sockets Layer version level to be negotiated.
Non-Secured is a clear text connection without any encryption. Connections configured as Non-Secure display a lightning bolt icon on the tree view adjacent to the connection name.
Implicit SSL/TLS configures the client to use Implicit (Passive) SSL or TLS connections only.
Explicit SSL/TLS configures the client to use Explicit (Active) SSL or TLS connections only. Use this setting if AUTH TLS-P is required in order to negotiate a connection.
See Implicit vs. Explicit Security for more information.
Encryption Strength ---
The Encryption Strength radio buttons set the available cipher suites required for client connections.
Export Ciphers Only allows only SSL-enabled clients supporting the 40-bit, less secure, exportable cipher suite to connect.
All Ciphers allows any SSL-enabled client to connect regardless of the cipher strength.
Strong Ciphers Only allows only SSL-enabled clients capable of 128-bit encryption or greater to connect. This is the recommended setting.
Authentication Method ---
The Authentication Method radio buttons select the third-party authentication system to use.
None disables third-party authentication.
Win/NT Domain enables standard Windows Domain Authentication. To use an existing Domain controller, the Security Server must have network access to the PDC. Alternatively, a local user list may be created on the NT Server hosting the Security Server.
SDI SecurID enables RSA/Security Dynamics Ace Server support for token authentication. When enabled, users will be prompted for their SecurID passcode when they attempt to connect to the Security Server. All SecurID passcode functions are supported.
LDAP enables authentication through an LDAP Authentication server.
IP Address: Enter the IP address of the LDAP Server.
Port: Enter the Secret Key to access the ESS.
SSL Secured: Enable if you want the data between the Security server and the LDAP Server to be encrypted.
DN Format: In the DN, %1 is replaced with the Username and %2 is replaced with the Domain.
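The %1/%2 substitution described for DN Format, as an added example that is not BlueZone code: it previews the bind DN a given format string produces, which is useful for checking a format before deploying it. The sample format string, the function names and the RFC 4514 escaping of the substituted values are assumptions; the page does not say how Security Server treats special characters in the Username or Domain.

```python
import re

# Characters escaped inside a DN attribute value (RFC 4514).
# '=' is optional in the RFC but escaping it is valid and unambiguous.
_SPECIAL = set('",+;<>\\=')


def escape_dn_value(value: str) -> str:
    """Escape a string so it is treated as one attribute value in a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def expand_dn(dn_format: str, username: str, domain: str = "") -> str:
    """Replace %1 with the Username and %2 with the Domain in dn_format."""
    if not username:
        raise ValueError("username must not be empty")
    values = {"%1": escape_dn_value(username), "%2": escape_dn_value(domain)}
    # One pass over the format: a "%2" typed as part of the username
    # is inserted literally and never expanded a second time.
    return re.sub(r"%[12]", lambda m: values[m.group(0)], dn_format)


# Constructed sample format, not taken from the product documentation.
SAMPLE_FORMAT = "uid=%1,ou=People,dc=%2,dc=com"

if __name__ == "__main__":
    for user in ("jsmith", "jsmith,ou=Admins", "%2"):
        print(f"{user!r:22} -> {expand_dn(SAMPLE_FORMAT, user, 'example')}")
```

A username containing a comma or equals sign stays inside the single uid value instead of adding RDN components to the bind DN.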
Client Certificates ---
The Client Certificates check boxes enable the server to request a client certificate during the SSL negotiation.
Use Client Certificates configures Security Server to request a Client Certificate during the SSL negotiation. If a valid client certificate is not provided by the client, the connection will be terminated.
Match CN to Userid configures the Security Server to match the Common Name on the Client Certificate with the User ID used with third-party authentication specified in the Authentication Method radio buttons.
Match Reference Cert configures the Security Server to match the Client Certificate presented by the user to a reference copy stored on the server.
The Maximum number of allowed signon attempts: edit box specifies the maximum number of user authentication attempts.
The Server Certificate: drop down box allows you to choose the particular Server Certificate that you want to associate with this Connection.