Netgear STM150 ProSecure Web and Email Threat Management Appliance Reference Manual

Chapter 5.  Managing Users, Groups, and Authentication  
ProSecure Web/Email Security Threat Management (STM) Appliance
Editing LDAP and Active Directory Domains
To edit an LDAP or Active Directory domain:
1. Select User Management > Authentication from the menu. The authentication
   submenu tabs display with the LDAP screen in view (see
2. In the Action column of the List of LDAP table, click the Edit table button for the domain and
   server that you want to edit. The Edit LDAP screen displays. This screen contains the same
   fields as the LDAP screen (see
3.
4. Click Test to verify that the LDAP server can actually function with the LDAP settings that
   you have modified. The automated test procedure checks the connection to the LDAP
   server, the bind DN, and the bind password. If any settings require changes, you are notified
   at the end of the automated test procedure.
5. Click Apply to save your settings.
Understanding the ProSecure DC Agent
If you set up an open network, you would want to allow unauthenticated users to surf
anonymously. For a secure network, you would use a more restrictive access policy for
unauthenticated users and a less restrictive access policy for authenticated users.
Without the use of the DC agent, any LDAP domain user surfs anonymously until providing 
credentials to the STM in order to proceed past a blocked Web activity. With use of the DC 
agent, LDAP domain users are immediately known to the STM when they are authenticated 
on a DC server on which the DC agent is installed.
If the LDAP directory authenticates through a domain controller (DC) server that runs 
Windows Server 2003 with Service Pack 1 (SP1) or Windows Server 2008, you can use the 
ProSecure DC Agent software to authenticate LDAP domain users.
The DC agent monitors all Windows login events (that is, all LDAP domain user 
authentications) on the DC server, and provides a mapping of Windows user names and IP 
addresses to the STM, enabling the STM to transparently apply user policies. The DC agent
transfers the names, IP addresses, groups, and login times of logged-in users to the STM in
encrypted form. This information remains securely stored on the STM (that is, it is not
transferred out of the STM).
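The following added example (not from the manual and not NETGEAR code) models the user-to-IP mapping described above: login records carrying name, IP address, groups, and login time are reduced to one entry per IP address, and a policy is then chosen by source IP. The policy names, the group-to-policy table, and the 8-hour mapping lifetime are assumptions made for illustration, and the sample records are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Login:
    """One login record with the fields the DC agent is described as reporting."""
    user: str
    ip: str
    groups: tuple
    at: datetime

# Hypothetical values for illustration; not STM settings.
GROUP_POLICY = {"staff": "standard", "it-admins": "relaxed"}
AUTH_DEFAULT = "authenticated-default"
UNAUTH_POLICY = "restrictive"
MAX_AGE = timedelta(hours=8)  # assumed lifetime of a mapping

def build_table(logins):
    """Map each IP to its most recent login; a later login replaces an earlier one."""
    table = {}
    for ev in logins:
        cur = table.get(ev.ip)
        if cur is None or ev.at > cur.at:
            table[ev.ip] = ev
    return table

def policy_for(table, ip, now):
    """Return (user, policy) for traffic from ip at time now."""
    ev = table.get(ip)
    if ev is None or now - ev.at > MAX_AGE:
        return (None, UNAUTH_POLICY)  # unknown or stale: treat as unauthenticated
    for group in ev.groups:
        if group in GROUP_POLICY:
            return (ev.user, GROUP_POLICY[group])
    return (ev.user, AUTH_DEFAULT)

# Constructed sample records (not real log data).
T0 = datetime(2024, 1, 8, 9, 0)
SAMPLE = [
    Login("alice", "10.0.0.21", ("staff",), T0),
    Login("carol", "10.0.0.35", ("contractors",), T0 + timedelta(minutes=5)),
    Login("bob", "10.0.0.21", ("it-admins",), T0 + timedelta(minutes=30)),
]

if __name__ == "__main__":
    table = build_table(SAMPLE)
    for ip in ("10.0.0.21", "10.0.0.35", "10.0.0.99"):
        print(ip, policy_for(table, ip, T0 + timedelta(hours=1)))
```

Because the source IP address is the only lookup key in this model, the policy applied to a shared workstation follows whichever user logged in there most recently.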