Securing Your Network with AAA
- Nov 21, 2003
This chapter is from the book
Terms you'll need to understand
CiscoSecure Access Control Server (ACS)
Authentication, authorization, and accounting (AAA)
Terminal Access Controller Access Control System (TACACS)
Remote Authentication Dial-In User Service (RADIUS)
Packet mode
Character mode
Techniques you'll need to master:
Starting the AAA process on a router
Configuring AAA addresses and passwords
Enabling authentication
Enabling authorization
Enabling accounting
Understanding the AAA commands
The Cisco Security Options
Cisco provides IOS options and hardware products to help secure your network and make securing the network easier. The router IOS now has a number of security options, such as virtual private network (VPN) capabilities and integration with intrusion detection system (IDS) sensors and the firewall feature set.
Each of the different security options is also available as a separate security appliance; typically, an appliance is another piece of hardware designed for a specific task. Some of the different appliances follow:
VPN concentrators and hardware clients—An appliance designed specifically for encryption and decryption to offload the work from routers, servers, workstations, and other infrastructure devices.
IDSs—Available to examine traffic passing along the wire looking for known signatures of attacks as well as other anomalies. One IDS option is an add-on card for the 6500 catalyst switch, a separate appliance for critical servers, known as a host-based IDS.
PIX Firewall—The PIX Firewall uses its own proprietary operating system, featuring a stateful packet-inspecting system based on the Adaptive Security Algorithm (ASA), cut-through proxy, hot standby, and failover capabilities.
