Cisco Security Specialist's Guide to PIX Firewalls

Chapter 5: Configuring Authentication, Authorization, and Accounting

Introduction

The use of user-level security is becoming increasingly popular. This type of security enables us to develop and enforce policies on a per-user basis. Seldom is a network designed to be open to all people or no people. Generally, you want to provide access to some people and not to others. For example, a server holding sensitive salary information should be accessible to certain members of the Human Resources department and no one else. How do you confirm that the person accessing the data is authorized to do so? This granular level of administration based on user or group name is possible using authentication, authorization, and accounting (AAA). In this chapter, you will learn how to use and configure AAA on the Cisco PIX firewall. You will also learn about the RADIUS and TACACS+ security protocols and the advantages and disadvantages of using each one.

The PIX firewall is capable of acting as an AAA client. The PIX can provide AAA functionality for administrative access to the firewall itself, as well as for traffic passing through the firewall. In this chapter, you will learn how to use this functionality with Cisco Secure Access Control Server for Windows, Cisco's AAA server.

AAA Concepts

AAA is an architectural framework for providing the independent but related functions of authentication, authorization, and accounting, which are defined as follows:

  • Authentication is the process of identifying and validating a user before allowing access to network devices and services. User identification and...
