From Cisco Security Specialist's Guide to PIX Firewalls

Introduction

The use of user-level security is becoming increasingly popular. This type of security enables us to develop and enforce policies on a per-user basis. Seldom is a network designed to be open to all people or no people. Generally, you want to provide access to some people and not to others. For example, a server holding sensitive salary information should be accessible to certain members of the Human Resources department and no one else. How do you confirm that the person accessing the data is authorized to do so? This granular level of administration based on user or group name is possible using authentication, authorization, and accounting (AAA). In this chapter, you will learn how to use and configure AAA on the Cisco PIX firewall. You will also learn about the RADIUS and TACACS+ security protocols and the advantages and disadvantages of using each one.

The PIX firewall is capable of acting as an AAA client. The PIX can provide AAA functionality for administrative access to the firewall itself, as well as for traffic passing through the firewall. In this chapter, you will learn how to use this functionality with Cisco Secure Access Control Server for Windows, Cisco's AAA server.
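As an added illustration (not from the book), the following PIX 6.x-style configuration fragment shows both uses described above: AAA for administrative access to the firewall itself and AAA for traffic passing through it, with the PIX acting as a TACACS+ client of an ACS server. The server tag, the interface name, the server address 10.1.1.10 and the shared key are assumed placeholder values.

```text
! Define the AAA server group the PIX will talk to (assumed tag "ACS")
aaa-server ACS protocol tacacs+
! Assumed ACS host on the inside interface; the shared key must match the ACS entry
aaa-server ACS (inside) host 10.1.1.10 SharedSecretPlaceholder timeout 10

! Authentication: administrative access to the PIX itself is checked against ACS
aaa authentication serial console ACS
aaa authentication enable console ACS
aaa authentication ssh console ACS

! Authentication: users opening inbound sessions through the firewall must log in
! (any service, any local host, any foreign host)
aaa authentication include any inbound 0 0 0 0 ACS

! Authorization: ACS decides which services an authenticated user may reach
aaa authorization include any inbound 0 0 0 0 ACS

! Accounting: session start/stop records for the same traffic are sent to ACS
aaa accounting include any inbound 0 0 0 0 ACS
```

Because the PIX falls back to nothing when the only AAA server is unreachable, keep a second `aaa-server ACS (inside) host` line for a backup server and verify with `show aaa-server` before relying on console authentication.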

AAA Concepts

AAA is an architectural framework for providing the independent but related functions of authentication, authorization, and accounting, which are defined as follows:

  • Authentication is the process of identifying and validating a user before allowing access to network devices and services. User identification and...

Copyright Syngress Publishing, Inc. 2002 under license agreement with Books24x7
