Cisco Secure for Windows NT and Cisco Secure ACS

Cisco Systems has developed a number of scalable security software products that help protect and secure networks built with Cisco products.

Cisco Secure provides additional network security when managing IP networks designed with Cisco devices.

Cisco Secure can run on Windows NT/2000 and UNIX platforms. The latest CCIE Security examination no longer requires a candidate to be proficient in the UNIX version. Some details are left in this guide for completeness so that in the real world you may have the full story from Cisco.

Cisco Secure for ACS is supported in three main flavors, for small, medium, and large ISP-based networks. Three versions of Cisco Secure are listed here:

■ Cisco Secure ACS for NT—This powerful ACS application for NT servers runs both TACACS+ and RADIUS. It can use an NT username/password database or the Cisco Secure ACS database.

■ Cisco Secure ACS for UNIX—This powerful ACS application for UNIX includes support for TACACS+ and RADIUS. It supports SQL applications such as Oracle and Sybase.

■ Cisco Secure Global Roaming Server—This server performs TACACS+ and RADIUS proxy functions. It is a standalone server for large ISP networks. Cisco Secure Global Roaming Server recently has been replaced by Cisco CNR Access Register to take advantage of multiprocessor systems and provide the highest AAA performance.

NOTE Cisco Secure topics are tested in the CCIE Security lab exam (particularly Cisco Secure for Windows 2000 Server). The written exam does not require you to have a detailed understanding of this application. Chapter 8, "CCIE Security Self-Study Lab," contains an excellent example of how to configure Cisco Secure ACS for Windows NT in a real lab scenario and hence it is not covered in depth in this chapter.

Chapter 8 also contains a detailed example of how a VPN 3000 Concentrator is configured.

The main features of Cisco Secure include the following:

■ Supports centralization of AAA access for all users, including routers and firewalls

■ Can manage Telnet access to routers and switches

■ Supports a limited number of network access servers, between 5000 and 20,000 AAA clients

■ Supports many different Cisco platforms, including PIX access servers and routers

Figure 5-1 displays a typical centralized Cisco Secure server performing functions such as user authentication, authorization, and accounting.

Figure 5-1 Cisco Secure Example

[Figure 5-1: several TACACS+/RADIUS links converging on a centralized Cisco Secure server.]

Figure 5-1 displays a typical application where ISDN/PSTN users are authenticated by RADIUS or TACACS+ via Cisco Secure.

In addition to simultaneous support for RADIUS/TACACS+, Cisco Secure also supports the following AAA features:

■ TACACS+ support for the following:

— Privilege level support

— Time-of-day restrictions, so that access to the network can be controlled differently during the day and at night

■ RADIUS support for the following:

— Cisco RADIUS AV pairs

— IETF support (RADIUS is a defined standard)

■ Other features include the following:

— Support for virtual private networking

— The ability to disable accounts after a set number of failed attempts
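As an added example that is not from this book or from Cisco's own documentation, the following Cisco IOS configuration shows a router handing Telnet login, EXEC privilege level, and accounting to a Cisco Secure ACS server over TACACS+, which is the centralized AAA role the feature lists above describe. The server address 10.1.1.10, the shared key, the method-list name VTY-AUTH, and the fallback username are assumed values.

```cisco
! Added example (not from the book): router using Cisco Secure ACS for
! TACACS+ AAA. Server address and key below are constructed values.
aaa new-model
!
tacacs-server host 10.1.1.10
tacacs-server key acs-shared-key
!
! Telnet login is checked centrally on ACS. The "local" method is used
! only when the TACACS+ server does not answer, never when it rejects
! the user, so the local account is a fallback, not a bypass.
aaa authentication login VTY-AUTH group tacacs+ local
!
! EXEC authorization lets ACS return the privilege level for each user
! (the TACACS+ privilege level support listed above).
aaa authorization exec VTY-AUTH group tacacs+ local
!
! EXEC sessions and level-15 commands are recorded on ACS so that
! configuration changes can be traced to a user.
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
! Local fallback account, used only when ACS is unreachable.
username admin privilege 15 secret <LOCAL-FALLBACK-PASSWORD>
!
line vty 0 4
 login authentication VTY-AUTH
 authorization exec VTY-AUTH
 transport input telnet
```

The same ACS server can instead be referenced with `radius-server host` and `group radius` in the method lists; on IOS the failed-attempt lockout listed above is enforced on the ACS side, not by this router configuration.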
