CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources] (text version)












  Identity Management: Cisco Secure Access Control Server


    As networks and network security have evolved, so too have the methods of controlling access to these networks and their associated resources. Traditionally, a static username and password were considered adequate to secure access to the corporate network. However, with time and the enterprise's need for stronger security, stronger security techniques, such as one-time passwords, have been introduced.

    One of the most significant problems in securing distributed systems is authentication; that is, ensuring that the parties to a conversation (possibly separated by a WAN and traversing untrusted systems and communications paths) are who they claim to be.

    From a security point of view, this leads to two distinct areas of concern:

    • Remote access to network resources from either dial-up or other remote services

    • Access to the corporate internetworking devices


    The Cisco solution to these concerns is the Cisco Secure Access Control Server (ACS). Cisco Secure ACS is a complete access control server that supports the industry-standard RADIUS protocol in addition to the Cisco proprietary TACACS+ protocol.

    Cisco Secure ACS is a high-performance, highly scalable, centralized user access control framework. Cisco Secure ACS offers centralized command and control of user access from a web-based GUI and distributes those controls to hundreds or thousands of access gateways in your network.

    With ACS, you can manage and administer user access for the following Cisco components:

    • IOS routers

    • VPNs

    • Firewalls

    • Dial and broadband digital subscriber line (DSL)

    • Cable access solutions

    • Voice over IP (VoIP)

    • Cisco wireless solutions

    • Cisco Catalyst switches via IEEE 802.1x access control


    In addition, you can leverage the same ACS access framework to control administrator access and configuration for all network devices in your network that are enabled with TACACS+.

    Advanced features include the following:

    • Automatic service monitoring

    • Database synchronization and importation of tools for large-scale deployments

    • Lightweight Directory Access Protocol (LDAP) user authentication support

    • User and administrative access reporting

    • Dynamic quota generation

    • Restrictions such as time of day and day of week

    • User and device group profiles


    Finally, Cisco Secure ACS provides authentication, authorization, and accounting (AAA) services to network devices that function as AAA clients, such as network access servers, PIX Firewalls, or Cisco IOS routers.

    AAA is an architectural framework for configuring a set of three independent security functions in a consistent manner. Table 12-3 shows the Cisco AAA Protocol Definition, which provides a modular way of performing AAA services.

    Table 12-3. Cisco AAA Protocol Definition

    | Protocol | Description |
    |---|---|
    | Authentication | Provides the method of identifying users, including login and password dialog, challenge and response, messaging support, and encryption |
    | Authorization | Provides the method for remote-access control, including one-time authorization or authorization for each service, per-user account list, and profile and user group support |
    | Accounting | Provides the method for collecting and sending security server information used for billing, auditing, and reporting, such as user identities, start and stop times, executed commands, number of packets, and number of bytes |

