From Cisco Security Specialist's Guide to PIX Firewalls
The use of user-level security is becoming increasingly popular. This type of security enables us to develop and enforce policies on a per-user basis. Seldom is a network designed to be open to all people or no people. Generally, you want to provide access to some people and not to others. For example, a server holding sensitive salary information should be accessible to certain members of the Human Resources department and no one else. How do you confirm that the person accessing the data is authorized to do so? This granular level of administration based on user or group name is possible using authentication, authorization, and accounting (AAA). In this chapter, you will learn how to use and configure AAA on the Cisco PIX firewall. You will also learn about the RADIUS and TACACS+ security protocols and the advantages and disadvantages of using each one.
The PIX firewall is capable of acting as an AAA client. The PIX can provide AAA functionality for administrative access to the firewall itself, as well as for traffic passing through the firewall. In this chapter, you will learn how to use this functionality with Cisco Secure Access Control Server for Windows, Cisco's AAA server.
AAA is an architectural framework for providing the independent but related functions of authentication, authorization, and accounting, which are defined as follows:
Authentication is the process of identifying and validating a user before allowing access to network devices and services. User identification and...
Products & Services
Topics of Interest
Introduction System management is an important part of configuring and maintaining your firewall. Without proper management, security policies cannot be enforced or monitored and a device might be...
Introduction Authentication, authorization, and accounting (AAA) provide the required framework to configure access control. This chapter will give an overview of the AAA mechanisms provided on the...
Introduction Managing one or two PIX firewalls is not very difficult. If the number of firewalls increases or configurations become more complex, management becomes more of a challenge.
Introduction So far, we have performed virtually all administration on the PIX firewall through the command-line interface, or CLI. In addition to the CLI for configuration and monitoring, the PIX...
Summary The Cisco PIX Firewall is a very versatile security device. From the PIX 506 SOHO model to the Enterprise class PIX 520 model, the PIX can fulfill the security needs of any size network.