CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide, Second Edition [Electronic resources] نسخه متنی

Foundation Summary

The "Foundation Summary" provides a convenient review of many key concepts in this chapter. If you are already comfortable with the topics in this chapter, this summary can help you recall a few details. If you just read this chapter, this review should help solidify some key facts. If you are doing your final preparation before the exam, this summary provides a convenient way to review the day before the exam.

Authentication, authorization, and accounting are three separate functions performed by AAA servers to allow access to resources. Each of these functions has a specific goal. If you are using AAA, then authenticating the user is key. No access is granted if the requestor is not authenticated. The use of authorization and accounting are dependant on authentication, but it is not necessary to configure either authorization or accounting to make authentication function properly. The list below defines each of the components of AAA.

• Authentication Identifies the entity (user)

• Authorization Gives the user access based on his or her profile

• Accounting Maintains a record of user access

Cisco PIX Firewall Version 6.2 can maintain an internal user database for console authentication and command authorization or connect to an external AAA server. The PIX Firewall supports both RADIUS and TACACS+ technologies. Figure 16-20 shows the steps that the AAA server takes during the entire AAA process.

Cisco Secure ACS is available for Windows Server and can be configured for TACACS+ and RADIUS. The Cisco Secure ACS installation on Windows is an easy, step-by-step wizard installation.