Cisco Web Security Appliance S170 User Guide
AsyncOS 8.8 for Cisco Web Security Appliances User Guide
Chapter 5 Acquire End-User Credentials
Authentication Planning
Active Directory/Kerberos

Explicit Forward
Advantages:
• Better performance and interoperability when compared to NTLM
• Works with both Windows and non-Windows clients that have joined the domain
• Supported by all browsers and most other applications
• RFC-based
• Minimal overhead
• Works for HTTPS (CONNECT) requests
• Because the password is not transmitted to the authentication server, it is more secure
• Connection is authenticated, not the host or IP address
• Achieves true single sign-on in an Active Directory environment when the client applications are configured to trust the Web Security appliance

Transparent, IP-Based Caching
Advantages:
• Better performance and interoperability when compared to NTLM
• Works with both Windows and non-Windows clients that have joined the domain
• Works with all major browsers
• With user agents that do not support authentication, users only need to authenticate first in a supported browser
• Relatively low overhead
• Works for HTTPS requests if the user has previously authenticated with an HTTP request

Transparent, Cookie-Based Caching
Advantages:
• Better performance and interoperability when compared to NTLM
• Works with both Windows and non-Windows clients that have joined the domain
• Works with all major browsers
• Authentication is associated with the user rather than the host or IP address
Disadvantages:
• Each new web domain requires the entire authentication process because cookies are domain specific
• Requires cookies to be enabled
• Does not work for HTTPS requests