Foundation Summary

The "Foundation Summary" section of each chapter lists the most important facts from the chapter. Although this section does not list every fact from the chapter that will be on your SNRS exam, a well-prepared candidate should at a minimum know all the details in each "Foundation Summary" section before going to take the exam.

Important points to remember about Cisco Secure ACS for Windows 2000/NT include the following:

• Helps centralize access control and accounting

• Can authenticate against many popular token servers

• Uses the RADIUS and TACACS+ protocols to provide AAA services that ensure a secure environment

• Provides AAA services to network devices that function as AAA clients, such as NASs, switches, PIX Firewalls, VPN concentrators, and routers

• Enables network administrators to quickly administer accounts and globally change levels of service for service offerings for entire group of users

• Supports many popular user repository implementations, including Windows AD

Several database utilities automate the maintenance, update, and backup of the Cisco Secure ACS database and network configuration, including the following:

• Database replication

• Database backup

The major services that make up Cisco Secure ACS for Windows are as follows:

• CSAdmin Provides the HTML interface for administration of Cisco Secure ACS

• CSAuth Provides authentication services

• CSDBSync Provides synchronization of the Cisco Secure user database with an external RDBMS application

• CSLog Provides logging services, both for accounting and system activity

• CSMon Provides monitoring, recording, and notification of Cisco Secure ACS performance, and includes automatic response to some scenarios

• CSTacacs and CSRadius Provides communication between RADIUS or TACACS+ AAA clients and the CSAuth service

Users are authenticated against the Cisco Secure ACS database. This database may be the internal or external to Cisco Secure server, allowing the flexibility to authenticate users based on information collected in different locations. The following are the types of user databases Cisco Secure ACS supports:

• Cisco Secure user database

• Windows AD and SAM database

• LEAP proxy RADIUS servers

• Token servers (RSA SecurID)

• RADIUS-compliant token servers

• ODBC-compliant relational databases

UCP is an application that enables users to change their Cisco Secure ACS passwords with a web-based utility.


0 0

Post a comment