Features of CiscoSecure ACS for UNIX

Features and Benefits

CiscoSecure ACS v2.3 for UNIX provides the following features that allow network administrators to scale and deploy secure network services with centralized control, access management, and accounting within the Cisco Secure ACS framework:

• Simultaneous TACACS+ and RADIUS support for flexibility in implementation.

• HTML/JAVA GUI simplifies and speeds configuration for user and group profiles. SSL is also supported for secure server configuration.

• Administration of users using groups for maximum flexibility and to facilitate enforcement and changes of security policies.

• Token caching of passwords.

• Local and remote domain declaration.

• Virtual private dial-up network (VPDN) allows dial-up users to connect securely to a corporate network through a third-party ISP. VPDN can use AAA servers such as RADIUS and TACACS+ and services for better scalability of VPDN.

• Import mechanism to rapidly import a large number of users.

• Relational database support using Oracle, Sybase, or the included SQL Anywhere.

• Password support that includes Cleartext, DES encrypted, Bellcore S/Key, UNIX /etc/passwd file, Challenge Handshake Authentication Protocol (CHAP), Password Authentication Protocol (PAP), and AppleTalk Remote Access (ARA).

• Token server support for CryptoCard, Secure Computing, and Security Dynamics.

• Time-of-day and day-of-week access restrictions.

• User restrictions based on NAS name, port name, or remote address, including calling line ID (CLID.)

• Disabling of an account on a specific date.

• Disabling of an account after n failed attempts to thwart brute force attacks.

• Accounting information stored in the relational database.

Preparing to Install UNIX ACS

Cisco Secure ACS operates on UNIX Server as a service. Remembering the performance issues covered earlier, the UNIX server computer must meet the following minimum hardware and software requirements.