Manual Chapter:
Overview: Using ephemeral authentication to secure privileged user access
Applies To:
BIG-IP APM
- 17.5.0, 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.6, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
Security breaches are a constant threat to companies, government agencies,
information systems, and all organizations accessible from the Internet. These breaches
can result in the unauthorized access of data, applications, services, networks, and
devices. Malicious actors persistently attack by circumventing security mechanisms,
particularly those in place for privileged users, such as system and network
administrators. As a result, traditional user name and password access to administrative
resources is a major security vulnerability in our networks today.
Access Policy Manager (APM) provides Privileged User Access so that you can
add CAC authentication (Common Access Card), Personal Identity Verification (PIV), or
another strong authentication method to network infrastructure for enhanced security. This
solution integrates directly into DoD PKI systems and works cooperatively with existing
RADIUS, TACACS, Active Directory, and a variety of third-party authentication databases.
Deployment of Privileged User Access requires a license and involves the
configuration of these components:
- Ephemeral Authentication Server
- WebSSH Proxy
- Authentication Server (for RADIUS and/or LDAP or LDAPS)
This document describes ephemeral authentication concepts and requirements, and provides two
complete use cases:
- Ephemeral Authentication using LDAP/LDAPS Proxy with WebSSH
- Ephemeral Authentication using RADIUS Proxy with WebSSH