Cisco Cisco Web Security Appliance S170 Guía Del Usuario
H O W W E B P R O X Y D E P L O Y M E N T A F F E C T S A U T H E N T I C A T I O N
C H A P T E R 1 6 : A U T H E N T I C A T I O N
343
Table 16-7 lists advantages and disadvantages of using explicit forward NTLM authentication.
Transparent Deployment, NTLM Authentication
Transparent NTLM authentication is similar to transparent Basic authentication except that the
Web Proxy communicates with clients using NTLMSSP instead of Basic. However, with
transparent NTLM authentication, the authentication credentials are not sent in the clear to
the authentication server.
Web Proxy communicates with clients using NTLMSSP instead of Basic. However, with
transparent NTLM authentication, the authentication credentials are not sent in the clear to
the authentication server.
The advantages and disadvantages of using transparent NTLM authentication are the same as
those of using transparent Basic authentication except that transparent NTLM authentication
is better because the password is not sent to the authentication server and you can achieve
single sign-on when the client applications are configured to trust the Web Security
appliance. For more information on the advantages and disadvantages of transparent Basic
authentication, see Table 16-5 on page 341 Table 16-6 on page 342.
those of using transparent Basic authentication except that transparent NTLM authentication
is better because the password is not sent to the authentication server and you can achieve
single sign-on when the client applications are configured to trust the Web Security
appliance. For more information on the advantages and disadvantages of transparent Basic
authentication, see Table 16-5 on page 341 Table 16-6 on page 342.
Table 16-7 Pros and Cons of Explicit Forward NTLM Authentication
Advantages
Disadvantages
• Because the password is not transmitted to
the authentication server, it is more secure
• Connection is authenticated, not the host or
IP address
• Achieves true single sign-on in an Active
Directory environment when the client
applications are configured to trust the Web
Security appliance
applications are configured to trust the Web
Security appliance
• Moderate overhead: each new connection
needs to be re-authenticated
• Primarily supported on Windows only and with
major browsers only