Features of CiscoSecure ACS for UNIX

The most recent UNIX version is CiscoSecure Access Control Server v2.3 for UNIX (Solaris), which controls the authentication, authorization, and accounting of users accessing the corporate network, Internet, or intranet. Using Cisco Secure ACS, network administrators can control the following:

  • Which users can access the network from either wired or wireless connections

  • What privileges each user can have while in the network

  • What accounting information is kept for capacity planning, account billing, or security audits

Features and Benefits

CiscoSecure ACS v2.3 for UNIX provides the following features that allow network administrators to scale and deploy secure network services with centralized control, access management, and accounting within the Cisco Secure ACS framework:

  • Simultaneous TACACS+ and RADIUS support for flexibility in implementation.

  • HTML/Java GUI that simplifies and speeds configuration of user and group profiles. SSL is also supported for secure server configuration.

  • Administration of users using groups for maximum flexibility and to facilitate enforcement and changes of security policies.

  • Token caching of passwords.

  • Local and remote domain declaration.

  • Virtual private dial-up network (VPDN) support, which allows dial-up users to connect securely to a corporate network through a third-party ISP. VPDN can use AAA servers, such as RADIUS and TACACS+, and services for better scalability.

  • Import mechanism to rapidly import a large number of users.

  • Relational database support using Oracle, Sybase, or the included SQL Anywhere.

  • Password support that includes Cleartext, DES encrypted, Bellcore S/Key, UNIX /etc/passwd file, Challenge Handshake Authentication Protocol (CHAP), Password Authentication Protocol (PAP), and AppleTalk Remote Access (ARA).

  • Token server support for CryptoCard, Secure Computing, and Security Dynamics.

  • Time-of-day and day-of-week access restrictions.

  • User restrictions based on NAS name, port name, or remote address, including calling line ID (CLID).

  • Disabling of an account on a specific date.

  • Disabling of an account after n failed attempts to thwart brute-force attacks.

  • Accounting information stored in the relational database.

Preparing to Install UNIX ACS

Cisco Secure ACS runs as a service on a UNIX server. Keeping in mind the performance issues covered earlier, the UNIX server computer must meet the following minimum hardware and software requirements.

Hardware Requirements

The server must meet the following minimum hardware requirements:

  • Sun SPARCstation 20

  • CD-ROM drive

  • 128MB of RAM

  • 256MB of disk swap space

  • 500MB of disk space

Software Requirements

The server must meet the following software requirement:

  • Solaris V2.51 or V2.6, V7, V8

Third-Party Software Requirements

The server must have a compatible web browser installed. Both Java and JavaScript must be enabled in any web browser used to administer Cisco Secure ACS. Cisco Secure ACS has been tested with the following browsers:

  • Microsoft Internet Explorer versions 5.0 and 5.5

  • Netscape Communicator version 4.76

External Databases

  • Oracle v7.33

  • Sybase v11.1

NAS Minimum IOS Requirements

  • Cisco IOS v11.1 (TACACS+)

  • Cisco IOS v11.2 (RADIUS)
