[Agenda] [Examples] [Network Partitioning] [Concepts] [Policy] [Process] [Organization] [HW-SW] [Cases studies] [Conclusion] [Resources]
[first slide] Future of Network Partitioning (1/2) [previous slide] [next slide]


* X.509 certificates to replace IP addresses for device & hosts identification & authentication
o The same as IPsec

* User-based access control
o Filters based on user X.509 certificates
o Using HTTP AAA
o Recall: in existing network devices: at the network layer

* How user-based filtering works
o The first network device that a host tries to cross authenticates the user
o The network device applies the user profile
o The user only sees a virtual network with the specific hosts and services he needs access to


*********************************************************************
HSC ® © Hervé Schauer Consultants December 1999 - 142, rue de Rivoli - F-75001 Paris - France
Phone: +33 141 409 700 - Fax: +33 141 409 709 - Email: <secretariat@hsc.fr>
- Page 34 -