Cisco Cisco Web Security Appliance S170 Guía Del Usuario
Chapter 20 Authentication
Understanding How Authentication Works
20-8
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
describes the differences between Basic and NTLMSSP authentication
schemes.
How Web Proxy Deployment Affects Authentication
The Web Proxy communicates with clients and authentication servers differently
depending on the type of Web Proxy deployment and the authentication protocol.
depending on the type of Web Proxy deployment and the authentication protocol.
Authentication
Scheme
Scheme
User Experience
Security
Basic
The client always prompts users for
credentials. After the user enters
credentials, browsers typically offer a
check box to remember the provided
credentials. Each time the user opens the
browser, the client either prompts for
credentials or resends the previously
saved credentials.
credentials. After the user enters
credentials, browsers typically offer a
check box to remember the provided
credentials. Each time the user opens the
browser, the client either prompts for
credentials or resends the previously
saved credentials.
Credentials are sent unsecured as clear
text (Base64). A packet capture between
the client and Web Security appliance can
reveal the user name and password.
text (Base64). A packet capture between
the client and Web Security appliance can
reveal the user name and password.
Note: You can configure the Web Security
appliance so clients send authentication
credentials securely. For more
information, see
appliance so clients send authentication
credentials securely. For more
information, see
NTLMSSP
The client transparently authenticates by
using its Windows login credentials. The
user is not prompted for credentials.
using its Windows login credentials. The
user is not prompted for credentials.
However, the client prompts the user for
credentials under the following
circumstances:
credentials under the following
circumstances:
•
The Windows credentials failed.
•
The client does not trust the Web
Security appliance because of
browser security settings.
Security appliance because of
browser security settings.
Credentials are sent securely using a
three-way handshake (digest style
authentication). The password is never
sent across the connection.
three-way handshake (digest style
authentication). The password is never
sent across the connection.
For more information on the three-way
handshake, see
handshake, see