Abstract
Extending local area networks (LANs) to the home is an important area of today’s communication technology. Due to its global availability, making use of services offered by public telecommunication infrastructure provides high connectivity and flexibility. Different types of global infrastructure are available to build such a remote access environment: the public switched telephone network (PSTN) using modems, and wireless cellular radio systems like groupe spécial mobile (GSM). However, integrated services digital network (ISDN) will replace modem lines due to its higher bandwidth and more adequate embedding. Such a heterogeneous remote access scheme needs enhanced access and traffic control. This paper demonstrates a router-based solution for enhanced ISDN call management. One of the main advantages is the separation of a strategic module which defines the behavior. However, using dial-up lines to access LANs requires additional access control and user authentication. As the user profiles may vary widely, a remote access security policy is introduced, which has to deal with binding the user’s access rights to the user profile. This security system is based on an information filtering scheme, which is controlled by the authenticated security servers. The authentication algorithm is interchangeable, and different authentication methods can be used simultaneously. These can range from simple password-based schemes for low-privileged guest profiles to cryptographic methods like zero-knowledge authentication using secure ID cards for high-privileged remote access profiles. Previews of future connection-oriented remote access schemes like asynchronous transfer mode (ATM)-based broadband ISDN (B-ISDN) are given.
Copyright information
© 1996 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Posch, R., Leitold, H., Pucher, F. (1996). ISDN LAN Access: Remote access security and user profile management. In: Horster, P. (eds) Communications and Multimedia Security II. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35083-7_20
DOI: https://doi.org/10.1007/978-0-387-35083-7_20
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2931-2
Online ISBN: 978-0-387-35083-7
eBook Packages: Springer Book Archive