Securing Your Network with AAA

In this chapter from "CCNA BCRAN Exam Cram 2," the authors discuss CiscoSecure ACS, which is what provides a Cisco network with AAA capabilities. They also examine the three AAA services—Authentication, Authorization, and Accounting—in detail.

Terms you'll need to understand:

  • CiscoSecure Access Control Server (ACS)

  • Authentication, authorization, and accounting (AAA)

  • Terminal Access Controller Access Control System (TACACS)

  • Remote Authentication Dial-In User Service (RADIUS)

  • Packet mode

  • Character mode

Techniques you'll need to master:

  • Starting the AAA process on a router

  • Configuring AAA addresses and passwords

  • Enabling authentication

  • Enabling authorization

  • Enabling accounting

  • Understanding the AAA commands

The Cisco Security Options

Cisco provides IOS options and hardware products that make it easier to secure your network. The router IOS now has a number of security options, such as virtual private network (VPN) capabilities and integration with intrusion detection system (IDS) sensors and the firewall feature set.

Each of the different security options is also available as a separate security appliance; typically, an appliance is another piece of hardware designed for a specific task. Some of the different appliances follow:

  • VPN concentrators and hardware clients—Appliances designed specifically for encryption and decryption, offloading that work from routers, servers, workstations, and other infrastructure devices.

  • IDSs—Available to examine traffic passing along the wire, looking for known signatures of attacks as well as other anomalies. One IDS option is an add-on card for the Catalyst 6500 switch; another is a separate appliance for critical servers, known as a host-based IDS.

  • PIX Firewall—The PIX Firewall uses its own proprietary operating system, featuring a stateful packet-inspecting system based on the Adaptive Security Algorithm (ASA), cut-through proxy, hot standby, and failover capabilities.
