Provides authentication, authorization, and accounting (AAA) for networks

The Cisco Secure ACS helps centralize access control, accounting, and client access management.

The Cisco Secure ACS software incorporates a multiuser, web-based Java configuration and management tool that simplifies server administration and enables multiple system administrators to simultaneously manage security services from multiple locations. The graphical user interface (GUI) supports Microsoft and Netscape web browsers and provides multiplatform compatibility.

Various methods of authentication are supported on the Cisco Secure ACS, such as manual password entry, CHAP, and one-time passwords, including token cards. Token cards are considered the strongest method used to authenticate connecting users and to prevent unauthorized users from accessing proprietary information.

Management of group and user information takes place on a database configured to work with the Cisco Secure ACS. To simplify management of group and user information, the Cisco Secure ACS supports internal Windows, Open DataBase Connectivity (ODBC), Lightweight Directory Access Protocol (LDAP), Novell Directory Services (NDS), and many token server databases.

Additional features of the Cisco Secure ACS include the ability to automatically disable accounts to prevent brute-force attacks and to limit the number of login sessions.

Cisco Secure ACS Components

This topic describes Cisco Secure ACS components.

[Figure: Cisco Secure ACS Components. Labels: Cisco Secure ACS; Access Router, Firewall, Server; TACACS+/RADIUS]

The Cisco Secure ACS has three major components:
■ AAA server (Cisco Secure ACS)
■ AAA clients
■ User database

The AAA server gathers authentication information from an AAA-configured client and verifies this information against a database. The Cisco Secure ACS then returns information to the AAA client, permitting or denying user access. When the user authenticates successfully, the Cisco Secure ACS determines the authorization attributes to give the AAA client. Authorization attributes may include an IP address pool, the type of protocol connection, or an ACL. The AAA client then begins forwarding accounting information to the Cisco Secure ACS.

AAA clients include a variety of Cisco products such as firewalls, routers, switches, and VPN Concentrators. These clients have software that allows them to communicate with the Cisco Secure ACS using either the TACACS+ or RADIUS protocols.
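The following is an added example, not part of the original page: a Cisco IOS router configured as an AAA client of a Cisco Secure ACS over TACACS+, with one block for each of the three phases described above. The server address 192.0.2.10, the account name fallback-admin, and the key and password placeholders are assumptions.

```cisco
! Added example: IOS router as a TACACS+ AAA client of Cisco Secure ACS.
! 192.0.2.10 (documentation address), fallback-admin and the <...>
! placeholders are assumptions, not values from the page.
!
! Local account, used only when the ACS cannot be reached.
username fallback-admin privilege 15 secret <LOCAL-FALLBACK-PASSWORD>
!
aaa new-model
!
! AAA server location and the shared secret; the secret must match the
! entry configured for this AAA client on the ACS.
tacacs-server host 192.0.2.10
tacacs-server key <SHARED-SECRET>
!
! Authentication: ask the ACS first; use local users only if the ACS
! does not respond (a reject from the ACS does not fall through).
aaa authentication login default group tacacs+ local
!
! Authorization: the ACS decides whether an EXEC session starts and
! which privilege level 15 commands may run.
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
!
! Accounting: send start and stop records for EXEC sessions and
! privilege level 15 commands to the ACS.
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
```

Keep a console session open while applying this and confirm a login through the ACS before disconnecting, since a wrong key or address leaves the local account as the only way in.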

Cisco Secure ACS allows network administrators to easily administer accounts and globally change the levels of service that are available to entire groups of users. The administrator can affect individual users or groups of users as they are configured in a specified database. This database may be a Windows NT or 2000, LDAP, NDS, or ODBC database, or one of many other token server databases.

Note: Cisco Secure ACS operates successfully with Oracle version 7.3, Sybase SQL Server version 11, and Sybase SQLAnywhere by means of ODBC.
