Cisco Secure ACS for Windows Server is a network security software
application that helps to control access to the campus, dial-in access, and
Internet access
,
. Cisco
Secure ACS for Windows Server operates as Windows 2000 services and controls
authentication, authorization, and accounting (AAA) of users accessing the
network.
Cisco Secure ACS for Windows Server provides AAA services to
network devices that function as AAA clients, such as routers, network access
servers, PIX Security Appliances, or VPN 3000 Concentrators. An AAA client is
any device that provides AAA client functionality and uses one of the AAA
protocols supported by Cisco Secure ACS. It also supports third-party devices
that can be configured with TACACS+ or RADIUS protocols. Cisco Secure ACS
treats all such devices as AAA clients. Cisco Secure ACS uses the TACACS+ and
RADIUS protocols to provide AAA services that ensure a secure environment.
Cisco Secure ACS helps centralize access control and accounting, in addition
to router and switch access management. With Cisco Secure ACS, network
administrators can quickly administer accounts and globally change levels of
service offerings for entire groups of users. Although the use of an external
user database is optional, support for many popular user repository
implementations enables companies to use the working knowledge gained from and
the investment already made in building the corporate user repositories.
Cisco Secure ACS for Windows Server version 3.3 is an easy-to-use AAA server
that is simple to install and administer. It runs on Microsoft Windows 2000
Server operating system. The Cisco Secure ACS for Windows Server administration
interface is viewed using supported web browsers, making it easy to
administer.
Cisco Secure ACS for Windows Server authenticates usernames
and passwords against the Windows 2000 user database, the Cisco Secure ACS for
Windows Server database, a token server database, or NDS.
Different
levels of security can be used with Cisco Secure ACS for different
requirements. The basic user-to-network security level is password
authentication protocol (PAP). Although it does not represent the highest form
of encrypted security, PAP does offer convenience and simplicity for the
client. PAP allows authentication against the Windows 2000 database. With this
configuration, users need to log in only once. CHAP allows a higher level of
security for encrypting passwords when communicating from a client to the
network access server (NAS). CHAP can be used with the Cisco Secure ACS user
database
.
The Cisco
Secure ACS extends access security by combining authentication, user or
administrator access, and policy control from a centralized identity networking
solution, allowing greater flexibility and mobility, increased security, and
user productivity gains. The Cisco Secure ACS reduces the administrative and
management burden involved in scaling user and network administrative access to
your network. By using a central database for all user accounts, the Cisco
Secure ACS centralizes the control of all user privileges and distributes them
to hundreds or thousands of access points throughout the network. As an
accounting service, the Cisco Secure ACS reduces IT operating costs by
providing detailed reporting and monitoring capabilities of network users'
behavior and by keeping a record of every access connection and device
configuration change across the entire network. The Cisco Secure ACS supports a
wide array of access connection types, including wired and wireless LAN,
dialup, broadband, content, storage, voice over IP, firewalls, and VPNs.