Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide
Chapter Configuring Security Features
comprehensive solution that allows easy access to a broad range of web resources and web-enabled
applications using native HTTP over SSL (HTTPS) browser support. SSL VPN delivers three modes of
SSL VPN access: clientless, thin-client, and full-tunnel client support.
For additional information about configuring SSL VPN, see the “SSL VPN” section of Cisco IOS
Security Configuration Guide: Secure Connectivity, Release 12.4T at:
http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/12_4t/sec_secure_connectivity_12_4t_book.html.
Authentication, Authorization, and Accounting
Authentication, Authorization, and Accounting (AAA) network security services provide the primary
framework through which you set up access control on your router. Authentication provides the method
of identifying users, including login and password dialog, challenge and response, messaging support,
and, depending on the security protocol you choose, encryption. Authorization provides the method for
remote access control, including one-time authorization or authorization for each service, per-user
account list and profile, user group support, and support of IP, Internetwork Packet Exchange (IPX),
AppleTalk Remote Access (ARA), and Telnet. Accounting provides the method for collecting and
sending security server information used for billing, auditing, and reporting, such as user identities, start
and stop times, executed commands (such as PPP), number of packets, and number of bytes.
AAA uses protocols such as Remote Authentication Dial-In User Service (RADIUS), Terminal Access
Controller Access Control System Plus (TACACS+), or Kerberos to administer its security functions. If
your router is acting as a network access server, AAA is the means through which you establish
communication between your network access server and your RADIUS, TACACS+, or Kerberos security
server.
For information about configuring AAA services and supported security protocols, authentication,
authorization, accounting, RADIUS, TACACS+, or Kerberos, see the following sections of Cisco IOS
Security Configuration Guide: Securing User Services, Release 12.4T at:
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/12_4T/sec_securing_user_services_12.4t_book.html:
• Configuring Authentication
• Configuring Authorization
• Configuring Accounting
• Configuring RADIUS
• Configuring TACACS+
• Configuring Kerberos
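The three AAA functions described above, as an added configuration example that is not taken from this guide. It assumes a TACACS+ server at 192.0.2.10 (a documentation address), the `tacacs-server host` syntax of the 12.4T release referenced here, and placeholder values for the key, user name, and secret.

```cisco
! Constructed example. 192.0.2.10, localadmin, <SHARED-KEY> and
! <LOCAL-FALLBACK-SECRET> are placeholders, not values from this guide.
!
! Enable the AAA access-control model
aaa new-model
!
! Local account, consulted only when the TACACS+ server does not respond
username localadmin privilege 15 secret <LOCAL-FALLBACK-SECRET>
!
! Security server the router talks to
tacacs-server host 192.0.2.10
tacacs-server key <SHARED-KEY>
!
! Authentication: identify the user (TACACS+ first, then local database)
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
!
! Authorization: decide what the identified user may do
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
!
! Accounting: record session start/stop times and executed commands
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
```

The next method in a list is tried only when the previous one returns an error, such as a server timeout. A reject from the TACACS+ server is final, so the `local` entry does not let a user in after the server has denied the login.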
Configuring AutoSecure
The AutoSecure feature disables common IP services that can be exploited for network attacks and
enables IP services and features that can aid in the defense of a network when under attack. These IP
services are all disabled and enabled simultaneously with a single command, greatly simplifying security
configuration on your router. For a complete description of the AutoSecure feature, see the AutoSecure
feature document at:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123_1/ftatosec.htm.