Cisco Secure for Windows and UNIX

Cisco Systems has developed a number of scalable security software products that help secure networks built with Cisco products.

Cisco Secure Access Control Server (ACS), commonly referred to as Cisco Secure, provides additional network security when managing IP networks designed with Cisco devices.

Cisco Secure can run on Windows NT/2000 and UNIX platforms.

Three versions of Cisco Secure are listed here:

• Cisco Secure ACS for NT—This powerful ACS application for NT servers runs both TACACS+ and RADIUS. It can use the NT username/password database or the Cisco Secure ACS database.

• Cisco Secure ACS for UNIX—This powerful ACS application for UNIX includes support for TACACS+ and RADIUS. It supports SQL applications such as Oracle and Sybase.

• Cisco Secure Global Roaming Server—This performs TACACS+ and RADIUS proxy functions. It is a standalone server for large ISP networks.

NOTE Cisco also has a UNIX-based freeware TACACS+ server available for download.

NOTE Cisco Secure topics are tested in the CCIE Security lab exam (particularly Cisco Secure for Windows 2000 server). The written exam does not require you to have a detailed understanding of this application.

The main features of Cisco Secure ACS include the following:

• Supports centralization of AAA access for all users, including routers and firewalls

• Can manage Telnet access to routers and switches

• Can support an unlimited number of network access servers

• Supports many different Cisco platforms, including PIX access servers and routers

Figure 6-3 displays a typical centralized Cisco Secure ACS performing functions such as user authentication, authorization, and accounting.

Figure 6-3 Cisco Secure Example

[Figure 6-3 labels: Ethernet Switch, TACACS+/RADIUS, Cisco Secure NT/UNIX]

Figure 6-3 displays a typical application where ISDN/PSTN users are authenticated by RADIUS or TACACS+ via the Cisco Secure ACS server.

In addition to simultaneous support for RADIUS/TACACS+, Cisco Secure also supports the following AAA features:

• TACACS+ support for the following:

— Privilege level support

— Time restrictions, so that network access can be limited to certain hours of the day or night

• RADIUS support for the following:

— Cisco RADIUS AV pairs

— IETF support (RADIUS is a defined standard)

• Others include the following:

— Support for virtual private networking

— The ability to disable accounts after a set number of failed attempts
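To show how a network access server is pointed at a centralized Cisco Secure ACS for the AAA features listed above (TACACS+ login and privilege-level authorization, RADIUS for dial-in users, accounting), the following Cisco IOS configuration is an added example, not taken from this book or from Cisco's own documentation. The server address 10.1.1.10 and the shared secrets are placeholders, and exact command syntax varies between IOS releases.

```cisco
! Enable the AAA subsystem (required before any other aaa commands)
aaa new-model
!
! Cisco Secure ACS address and shared secrets (placeholder values)
tacacs-server host 10.1.1.10 key ACS-TACACS-KEY
radius-server host 10.1.1.10 key ACS-RADIUS-KEY
!
! Telnet/console login is authenticated by TACACS+; the local database is
! consulted only if the ACS server does not answer, not if it rejects the user
aaa authentication login default group tacacs+ local
!
! Dial-in (ISDN/PSTN) PPP users are authenticated against RADIUS
aaa authentication ppp default group radius local
!
! Privilege level and per-command authorization come back from ACS
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
!
! Accounting records sent to ACS: EXEC sessions, level-15 commands, PPP sessions
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group radius
!
! Local fallback account so an ACS outage does not lock administrators out
username admin privilege 15 secret <local-fallback-password>
!
line vty 0 4
 login authentication default
 authorization exec default
 accounting exec default
```

Without the `local` keyword and a local user, an unreachable ACS server means no one can log in to the router; with it, a rejection from ACS is still final because the fallback is used only on server error.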

Further description of the Cisco ACS application and screenshots are shown in the sample CCIE Security lab in Chapter 9, "CCIE Security Self-Study Lab."
