12-30 User’s Reference Guide
Token Security Authentication
This section discusses how to configure and use security authentication on the Netopia R310.
Note: The security authentication feature only applies to Netopia R310 models connecting over a dial-up line
using the PPP-PAP-TOKEN or PPP-CACHE-TOKEN authentication protocol.
Securing network environments
Unauthorized tampering or theft of information on internal networks causes serious ramifications, given the
reliance on information systems. Network abuse is a serious problem, complicated by the difficulty in detecting
the source of the abuses. An unauthorized user can gain access to networks and copy information without
leaving a trace.
Password protection is one solution, but static passwords are often insecure. They can be compromised,
allowing unauthorized users to disguise themselves as authorized users and enter supposedly secure systems.
However, a company called Security Dynamics™ has patented a security authentication technology to increase
network security.
SecurID is a two-factor authentication process to protect against unauthorized access. This dynamic user
authentication produces a randomly-generated security code mechanism that changes every 60 seconds. At
login, authorized users enter their password and the code displayed on their SecurID token card. While a
password may be compromised, the constantly changing access code, which requires the token card during
system use, bars unauthorized users from entering the network.
Using the SecurID token card
Each SecurID token card is programmed with an algorithm that ensures every code displayed is valid only for
that user at that particular time. The token card has a display that authorizes the individual user access to the
computer. Through this authentication system, the user’s identity is verified when the correct password and
current code are entered from the user’s token.
Personal identification number (PIN)
The user’s password is called a personal identification number, or PIN. The user enters the secret PIN from a
console connection, followed by the current code displayed on the token card. Then the access control module
must authenticate the token’s unique code in combination with the user’s secret PIN before access is granted.
Key Security Authentication Features of the Netopia R310
As a remote device, the Netopia R310 offers client/calling side security authentication. This feature allows the
Netopia R310 to call a server router and perform security card authentication. The router of the called server
must have access to a server with ACE software loaded on it.
To perform security card authentication, each user must have a security authentication token card and a PIN. In
addition, the user’s identifying information must reside on the remote ACE servers for authentication
negotiation to properly take place.