From Managing Cisco Network Security


Authentication, authorization, and accounting (AAA) provide the required framework to configure access control. This chapter will give an overview of the AAA mechanisms provided on the Cisco router and RAS.

Authentication is the process of verifying the identity of an entity. This is usually done by exchanging information that proves one's identity; that information can take many forms, including a password, a token, or a one-time password.

Authorization is the process of giving permission to an entity to access a system resource. For example, network access can be restricted based on the identity of a client.

Accounting enables the network manager to keep track of the services and resources that are used by the users. The accounting process collects information such as the connection time, identity, and billing information.

Cisco AAA mechanisms support security protocols such as the Remote Access Dial-In User Service (RADIUS), the Terminal Access Controller Access Control System Plus (TACACS+), and Kerberos. This chapter will provide configuration examples of how AAA is applied in such situations as remote dial-in users and a Cisco Secure PIX Firewall.
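As an added illustration (not a configuration taken from the chapter), the following minimal Cisco IOS configuration maps the three AAA functions described above onto a TACACS+ server, with the local user database as a fallback only when no server answers. The server address, shared key and local account are constructed placeholders.

```cisco
! Enable the AAA subsystem (replaces the legacy line-password model)
aaa new-model
!
! Authentication: verify identity against the TACACS+ server group,
! falling back to the local database only if no server responds
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
!
! Authorization: let the server decide whether the user gets an EXEC
! shell and at what privilege level (local fallback if unreachable)
aaa authorization exec default group tacacs+ local
!
! Accounting: record start/stop of each EXEC session and every
! privilege-15 command so sessions can be audited centrally
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
! TACACS+ server (address and key are placeholders, not real values)
tacacs-server host 192.0.2.10
tacacs-server key TACACS-KEY-PLACEHOLDER
!
! Local fallback account, used only when the server cannot be reached
username admin privilege 15 secret LOCAL-PASSWORD-PLACEHOLDER
!
! Apply the default method lists to the virtual terminal lines
line vty 0 4
 login authentication default
 authorization exec default
 accounting exec default
 accounting commands 15 default
```

Note that the `local` fallback means the strength of the local account's password matters whenever the server is unreachable, so it should be kept as strong as the server-side credentials.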

AAA Overview

In its most basic form, authentication typically consists of a username and password for an individual to gain access to services or resources. Although used quite frequently in network security, it is the weakest type of authentication. With this type of security, you are prompted for your username when accessing a resource or service; upon entering your username, you are prompted for a password. What if the resource...

Copyright Syngress Publishing, Inc. 2000 under license agreement with Books24x7
