ISDN LAN Access: Remote access security and user profile management

  • Reinhard Posch
  • Herbert Leitold
  • Franz Pucher
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT)


Extending local area networks (LANs) to the home is an important area of today’s communication technology. Due to its global availability, making use of services offered by public telecommunication infrastructure gives a high connectivity and flexibility. There are different types of global infrastructure available to build such a remote access environment: Public switched telephone network (PSTN) using modems and wireless cellular radio systems like groupe spécial mobile (GSM) are used. However, integrated services digital network (ISDN) will replace modem lines due to its higher bandwidth and more adequate embedding. Such a heterogeneous remote access scheme needs enhanced access and traffic control. This paper demonstrates a router-based solution for enhanced ISDN call management. One of the main advantages is the separation of a strategic module which defines the behavior. However, using dial up lines to access LANs requires additional access control and user authentication. As the user profiles may vary widely, a remote access security policy is introduced, which has to deal with binding the user’s access rights to the user profile. This security system is based on an information filtering scheme, which is controlled by the authenticated security servers. The authentication algorithm is interchangeable and different authentication methods can be used simultaneously. These can range from simple password-based schemes for low privileged guest profiles to cryptographic methods like zero knowledge authentication using secure ID cards for high privileged remote access profiles. Previews of future, connection oriented remote access schemes like asynchronous transfer mode- (ATM) based broadband ISDN (B-ISDN) are given.


Remote access security user authentication user profile management 


  1. Bellovin, S. M. (1989) Security Problems in the TCP/IP Protocol Suite. Computer Communications Review, v. 19 no. 2, pp. 32–48.CrossRefGoogle Scholar
  2. Boozer, C (1995) Remote Access Security, Whitepaper. Funk Software, Inc.Google Scholar
  3. CERT (1995) IP Spoofing Attacks and Hijacked Terminal Connection. CERT Coordination Center, Carnegie Mellon University, Advisory CA-95: 01.Google Scholar
  4. Case, J., Fedor, M., Schoffstall, M., Davin, J. (1988) A Simple Network Management Protocol (SNMP). RFC 1157, SNMP Research.Google Scholar
  5. Chapman, D. B. (1992) Network (In)security through IP Packet Filtering. Proceedings of the 3rd USENIX UNIX Security Workshop, pp. 63–76.Google Scholar
  6. Cheswick, W. R., Bellovin, S. M. (1994) Firewalls and Internet Security. Addison Wesley.zbMATHGoogle Scholar
  7. Dray, J. F., Smid, M. E., Warnar, R. B. J. (1989) Implementing a Access Control System with Smart Token Technology. NIST Draft, National Institute of Standards and Technology.Google Scholar
  8. Feigenbaum, J. (1992) Overview of Interactive Proof Systems and Zero-Knowledge. Contemporary Cryptology: The Science of Information Integrity, IEEE Press, pp. 423–439.Google Scholar
  9. Finseth, C. (1993) An Access Control Protocol, Sometimes Called TACAC., RFC 1492, University of Minnesota.Google Scholar
  10. Gallagher, P. R. (1987) A Guide to Understanding Discretionary Access Control in Trusted Systems. National Computer Security Center, NCSC-TG-003–87 Lib. No. S-228, 576.Google Scholar
  11. Karn, P. (1988) Amateur Packet Radio and TCP/IP. ConneXions, v. 2 no. 9, pp. 8–15.Google Scholar
  12. Lin Ping, Lin Lin. (1996) Security in Enterprise Networking: A Quick Tour. IEEE Communications Magazine, v. 34 no. 1, pp. 56–61.CrossRefGoogle Scholar
  13. Lloyd, B., Simpson, W. (1992) PPP Authentication Protocols. RFC 1334, Lloyd & Associates.Google Scholar
  14. McCloghrie, K., Rose, M., Waters, G. (1995) User-based Security Model for SNMPv2. Internet Draft, User Configuration MIB for SNMPv2 Agents.Google Scholar
  15. Rivest, R. L., Shamir, A., Adelmann, L. (1978) Obtaining Digital Signatures and Public Key Cryptosystems. Communications of the ACM, v. 21 no. 2, pp. 120–126.zbMATHCrossRefGoogle Scholar
  16. Rivest, R. L., Dusse, S. (1992) The MD5 Message-Digest Algorithm. RFC 1321, MIT Laboratory for Computer Science and RSA Data Security, Inc.Google Scholar
  17. Simpson, W. 1994 Point-to-Point Protocol (PPP), STD 51, RFC 1661, Daydreamer, July 1992.Google Scholar

Copyright information

© IFIP International Federation for Information Processing 1996

Authors and Affiliations

  • Reinhard Posch
    • 1
  • Herbert Leitold
    • 1
  • Franz Pucher
    • 1
  1. 1.Institute for Applied Information Processing and CommunicationsUniversity of Technology GrazGrazAustria

Personalised recommendations