Security Community Blog

NTLM Vs DCI (A Comparison of Symantec Web Gateway Features)

Created: 18 May 2013 • Updated: 18 May 2013
Author: OmerCh

Background

Symantec Web Gateway (SWG) is a state-of-the-art proxy and web filtering solution for corporate local area networks. It can authenticate end users and provide them with a secure web browsing experience in line with the organization’s policies and requirements.

SWG can use one of the two authentication mechanisms available in it:

- Domain Controller Interface (DCI)

- NTLM Authentication

SWG can only use one of these methods at a time.

 

Comparison of NTLM authentication and DC Interface Mechanisms

NTLM and DC Interface provide different kinds of authentication mechanisms and also differ in functionality.

DC Interface

DCI works by integrating with the domain controllers in an organization. To do so, a small piece of software must be installed on a domain controller. This software integrates SWG with the corporate domain.

How DCI Works

The SWG connects routinely to the DC to obtain all known users' LDAP group information.

1- The user logs on to a computer.

2- The DC Interface agent on the Domain Controller detects the logon event and sends the user details and IP address to SWG.

3- The user connects to the Internet.

4- SWG matches the connecting IP address to a user with the information received from DC Interface.

5- SWG obtains LDAP group membership information from the DC.

6- SWG applies the appropriate policy based on the LDAP information.

7- In the event that no matching logged on Domain User is identified, the SWG will apply the next IP based policy or the default policy.

NTLM Authentication

NTLM Authentication is configured by providing the corporate domain controller’s IP and credentials in SWG’s configuration tab for NTLM authentication. It does not require installation of any additional software on the domain controller.

How NTLM Authentication Works

1- SWG Administrator creates an Authentication policy set to Ignore, Authenticate no Enforce or Enforce.

2- The SWG connects routinely to the DC to obtain all known users' LDAP group information.

3- The user connects to an Internet site via the proxy.

4- The user's browser receives an NTLM challenge from the Web Gateway.

5- The user's browser responds transparently with a hash of the user's credentials.

6- The Web Gateway connects to the Domain Controller (noted in LDAP settings) to verify the credentials.

7- If verification succeeds, policies are applied according to LDAP information.

8- In the event that the NTLM process is not working correctly, or the user's LDAP information is not yet known, the SWG will apply the next IP based policy or the default policy.

Comparison of NTLM and DC Interface Features

NTLM has some advantages over DC Interface:

| DCI | NTLM |
| --- | --- |
| Provides only a user identification service. | Provides both identification and authentication services. |
| Integration with the domain controller requires installation of agent software on at least one of the domain controllers in the environment. | Integration with the domain controller does not require any additional software. |
| Policy is mapped on the basis of the IP initially assigned to a machine. This results in a policy mismatch if the user switches machines. | Policy is based on username and only works for the designated user. |
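The policy mismatch in the last table row follows from the two workflows above: DCI resolves policy from an IP-to-user mapping, while NTLM resolves it from the user verified for the request. The sketch below is an added illustration, not Symantec code; the class names, users, IP addresses, groups and policy names are all hypothetical, and the scenario in `demo()` (a second user browsing from an already-mapped IP before a new logon event is reported) is an assumption.

```python
# Simplified model of the two lookup paths; all users, IPs and policies are constructed.
LDAP_GROUPS = {"alice": "Finance", "bob": "Interns"}   # refreshed routinely from the DC
GROUP_POLICY = {"Finance": "allow-banking", "Interns": "restricted"}
IP_POLICY = {"10.0.9.": "kiosk-policy"}                # IP based policies, prefix match
DEFAULT_POLICY = "default-policy"


def fallback_policy(ip):
    """Next IP based policy, or the default policy."""
    for prefix, policy in IP_POLICY.items():
        if ip.startswith(prefix):
            return policy
    return DEFAULT_POLICY


def user_policy(user, ip):
    """Policy from LDAP group membership; fall back when the user is unknown."""
    group = LDAP_GROUPS.get(user)
    return GROUP_POLICY.get(group) or fallback_policy(ip)


class DciGateway:
    """Identification only: trusts the last logon event reported for an IP."""
    def __init__(self):
        self.ip_to_user = {}

    def logon_event(self, user, ip):  # reported by the DC Interface agent
        self.ip_to_user[ip] = user

    def policy_for_request(self, ip):
        return user_policy(self.ip_to_user.get(ip), ip)


class NtlmGateway:
    """Authentication: policy follows the user verified for this request."""
    def policy_for_request(self, ip, verified_user):
        # verified_user is None when verification against the DC did not succeed.
        return user_policy(verified_user, ip)


def demo():
    dci, ntlm = DciGateway(), NtlmGateway()
    dci.logon_event("alice", "10.0.0.5")
    # Assumed scenario: bob browses from that IP before a new logon event arrives.
    return dci.policy_for_request("10.0.0.5"), ntlm.policy_for_request("10.0.0.5", "bob")


if __name__ == "__main__":
    print(demo())
```

In the DCI model the request from bob inherits alice's policy because only the IP is consulted, while the NTLM model applies bob's own policy; both fall back to the IP based or default policy when no user is known.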