Firewalls: Authentication before getting to the firewall

Firewalls
(August 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Authentication before getting to the firewall
From:	"Moubray, Steve" <SMOUBRAY @ dcc . com>
Date:	Fri, 18 Aug 1995 16:51:00 -0500
To:	"'firewalls @ greatcircle . com'" <firewalls @ GreatCircle . COM>
Encoding:	23 TEXT

I have a well known commercial proxy server acting as a bastion host and it 
is working fine.  All Internet services run through this proxy.  I now need 
to implement a secure authentication and usage tracking system.  Our proxy 
server can support user id and passwords but the thought of these items 
resting on my bastion makes me nervous and the use of one time passwords 
isn't very convenient for internal customers.

I would like to have the authentication and usage tracking system between 
the internal network and the bastion (proxy).  The best solution would just 
be a router (preferably BSD based) that would authenticate the customer 
before passing packets and log everything.  If it could also drop the 
connection after a preset time of in-activity that would be even better.

Any ideas would be greatly appreciated.

TIA
 --------------------------------------------------
Steve Moubray     DCC, Inc.
10 2nd Street NE, Minneapolis, MN 55413
(612) 378-4469    Fax (612) 378-4401
smoubray @
 dcc .
 com  http://www.dcc.com/

Follow-Ups:

Re: Authentication before getting to the firewall
From: Marc Knepppers <knepperm @ cuug . ab . ca>

Indexed By Date	Previous:	Re: ANNOUNCEMENT: Brent's "Building Internet Firewalls" book is d From: Brent @ GreatCircle . COM (Brent Chapman)
Indexed By Date	Next:	Re: An idea From: "Bill Duncan (459)" <Bill @ travsoft . com>
Indexed By Thread	Previous:	Re: MICROSOFT FIREWALL From: mrz @ mrz . wisdom . bubble . org (Michael R. Zboray)
Indexed By Thread	Next:	Re: Authentication before getting to the firewall From: Marc Knepppers <knepperm @ cuug . ab . ca>