Overview
To secure the interaction between the AD SSO plug-in and the device, the device provides the following security hardening policies:
AD SSO Plug-in Spoofing Prevention
The interaction between the AD SSO plug-in and the firewall is encrypted using the pre-shared key and AES128.
Anti-Brute Force
In the AD SSO authentication process, the pre-shared key is used to encrypt transmitted data. When configuring the shared key, you can choose the common or the enhanced AES encryption mode.
- In the common AES encryption mode, when the AD SSO plug-in interacts with the firewall, the plug-in encrypts the transmitted data with AES using the pre-shared key. After receiving the data, the firewall decrypts it with AES using the shared key.
- The enhanced AES mode strengthens the common AES encryption mode. In this mode, when the AD SSO plug-in interacts with the firewall, a random shared key is first derived from the pre-shared key, and the newly generated shared key is used to encrypt the data. After receiving the data, the firewall uses the pre-shared key to derive the new shared key for the client and then decrypts the data.
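The key handling in the two modes can be sketched as follows. This is an added example, not the vendor's code: the page does not name the derivation function, so PBKDF2-HMAC-SHA256, the 16-byte random salt sent alongside the data, the iteration count, the truncated-hash key in common mode and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16           # AES128 key size in bytes (AES128 is named on the page)
SALT_LEN = 16          # assumed length of the per-message random value
ITERATIONS = 100_000   # assumed PBKDF2 work factor


def common_mode_key(psk: str) -> bytes:
    """Common mode: one fixed key, a pure function of the pre-shared key.
    Truncated SHA-256 is an assumed way of fitting the PSK to 16 bytes."""
    return hashlib.sha256(psk.encode("utf-8")).digest()[:KEY_LEN]


def derive_shared_key(psk: str, salt: bytes) -> bytes:
    """Enhanced mode: derive a new shared key from the PSK and a random salt."""
    if len(salt) != SALT_LEN:
        raise ValueError("unexpected salt length")
    return hashlib.pbkdf2_hmac("sha256", psk.encode("utf-8"), salt,
                               ITERATIONS, dklen=KEY_LEN)


def plugin_new_message_key(psk: str) -> tuple[bytes, bytes]:
    """Plug-in side: fresh salt per message; the salt is sent with the data."""
    salt = secrets.token_bytes(SALT_LEN)
    return salt, derive_shared_key(psk, salt)


def firewall_message_key(psk: str, received_salt: bytes) -> bytes:
    """Firewall side: repeat the derivation with its own copy of the PSK."""
    return derive_shared_key(psk, received_salt)


def keys_match(a: bytes, b: bytes) -> bool:
    """Constant-time comparison of two derived keys."""
    return hmac.compare_digest(a, b)


if __name__ == "__main__":
    psk = "Constructed-Example-PSK-2024"   # constructed sample value
    print("common  :", common_mode_key(psk).hex(), "(same for every message)")
    for _ in range(2):
        salt, key = plugin_new_message_key(psk)
        same = keys_match(key, firewall_message_key(psk, salt))
        print("enhanced:", key.hex(), "firewall derives same key:", same)
```

In this sketch the common-mode key never changes for a given pre-shared key, while each enhanced-mode message is protected by a different 16-byte key that only a holder of the pre-shared key can re-derive.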
Password Security
In AD SSO authentication, if the configured pre-shared key is too simple, the device prompts a security risk.
Anti-Repudiation
Every time the AD SSO plug-in notifies the firewall of a user authentication success, the firewall records detailed user authentication logs for audit and backtracking.
Data Leak Prevention and Anti-Tampering
The interaction between the AD SSO plug-in and the firewall is encrypted using the pre-shared key and AES128.
Impact on the System
None