Identity Management
Cisco Secure Access Control Server
As networks and network security have evolved, so too have the methods of controlling access to these networks and their associated resources. Traditionally, a static username and password were considered adequate to secure access to the corporate network. However, with time and the enterprise's need for stronger security, stronger security techniques, such as one-time passwords, have been introduced.

One of the most significant problems in securing distributed systems is authentication; that is, ensuring that the parties to a conversation (possibly separated by a WAN and traversing untrusted systems and communications paths) are who they claim to be.

From a security point of view, this leads to two distinct areas of concern:
- Remote access to network resources from either dial-up or other remote services
- Access to the corporate internetworking devices
The Cisco solution to these concerns is the Cisco Secure Access Control Server (ACS). Cisco Secure ACS is a complete access control server that supports the industry-standard RADIUS protocol in addition to the Cisco proprietary TACACS+ protocol.

Cisco Secure ACS is a high-performance, highly scalable, centralized user access control framework. Cisco Secure ACS offers centralized command and control of user access from a web-based GUI and distributes those controls to hundreds or thousands of access gateways in your network.

With ACS, you can manage and administer user access for the following Cisco components:
- IOS routers
- VPNs
- Firewalls
- Dial and broadband digital subscriber line (DSL)
- Cable access solutions
- Voice over IP (VoIP)
- Cisco wireless solutions
- Cisco Catalyst switches via IEEE 802.1x access control
In addition, you can leverage the same ACS access framework to control administrator access and configuration for all network devices in your network that are enabled with TACACS+.

Advanced features include the following:
- Automatic service monitoring
- Database synchronization and importation of tools for large-scale deployments
- Lightweight Directory Access Protocol (LDAP) user authentication support
- User and administrative access reporting
- Dynamic quota generation
- Restrictions such as time of day and day of week
- User and device group profiles
Finally, Cisco Secure ACS provides authentication, authorization, and accounting (AAA) services to network devices that function as AAA clients, such as network access servers, PIX Firewalls, or Cisco IOS routers.

AAA is an architectural framework for configuring a set of three independent security functions in a consistent manner. Table 12-3 shows the Cisco AAA Protocol Definition, which provides a modular way of performing AAA services.