As shown in the figure, Cisco
provides the following security solutions:
- Clients - The dial clients
can use CiscoRemote or token cards as a secure means for
dialup. Token cards such as Security Dynamics, Inc. (SDI), Enigma,
and CryptoCards are supported.
- Client protocols - Cisco
IOS® software supports Point-to-Point Protocol (PPP), Challenge
Handshake Authentication Protocol (CHAP), Password
Authentication Protocol (PAP), and MS-CHAP for dialup
security. Cisco recommends using PPP with CHAP authentication.
However, if Remote Access Dial-In User Service (RADIUS) or token
cards are implemented, PAP is required.
- Access servers - Cisco IOS
software supports the following features and protocols to provide
a secure means for dialup: dialer profiles, access control lists,
per-user access control lists, Lock and Key, Layer 2 Forwarding
Protocol (L2F), Layer 2 Tunneling Protocol (L2TP), and Kerberos V.
- Central-site protocols -
For security verification between the network access server
(NAS) and the network security server, the NAS supports Terminal
Access Controller Access Control System Plus (TACACS+), RADIUS,
and Kerberos V protocols.
- Security servers - Cisco
Secure is the umbrella under which Cisco has a variety of
security server solutions. Cisco Secure UNIX and Cisco Secure NT
provide your network with AAA capabilities. Cisco also offers
the PIX™ Firewall as a standalone unit.
The graphic shows the Cisco Secure
access control server (ACS). This ACS can be used simultaneously
with dialup access servers, routers, and firewalls. Each of the
network devices can be configured to communicate with an
ACS, making central control of dialup access possible for a service
provider. It can also be used to secure corporate network devices
from unauthorized access. Both applications have unique
authentication and authorization requirements. With a Cisco Secure
ACS, system administrators may use a variety of authentication
methods that are aligned with varying degrees of authorization
privileges. Centralizing control of network access simplifies access
management and helps establish consistent provisioning and security
policies.
Completing the access control
functionality, the Cisco Secure ACS serves as a central repository
for accounting information. Each user session that is granted by the
ACS can be fully accounted for and stored in the server. This
accounting information can be used for billing, capacity planning,
and security audits.