Cisco Secure ACS. By Igor Koudashev, Systems Engineer, Cisco Systems Australia 2006 Cisco Systems, Inc. All rights reserved.


1 Cisco Secure ACS Overview
By Igor Koudashev, Systems Engineer, Cisco Systems Australia. 2006 Cisco Systems, Inc. All rights reserved.

2 Cisco Secure Access Control System: Policy Control and Integration Point for Network Access
- Enterprise network access control platform
- Remote Access (VPN)
- Wireless & Wired Access (LEAP, PEAP, EAP-FAST, 802.1x, etc.)
- Administrative access control system for Cisco network devices (TACACS+)
- Auditing, compliance and accounting features
- Control point for access policy & application access integration
- Cisco Access Control System for management, Policy Decision Point (PDP) evaluation, reporting, and troubleshooting of access control policy

3 Consistent Policy Control and Compliance
Key scenarios:
- Device Administration
- Remote Access
- Wireless and 802.1x
- Network Admission Control (NAC)
Compliance features:
- Authentication policy (OTP, complex password)
- Authorization enforcement (network access, device command authorization)
- Audit logging
[Diagram labels: ACS, CiscoWorks, AD / LDAP, Posture / Audit]

4 ACS Network Access Control Point
[Diagram labels: Who? Remote Users, Home Office, Road Warrior, Campus User, Guest User. Where? Provider, Enterprise. Why? "Some of the people some of the time", "All of the people all of the time", "All machines", "All devices". Clients: Laptop Device, Cisco VPN Client, Dial Access, Cisco or CCX WLAN Client, Web Auth, 802.1x Supplicant, Cisco Trust Agent Posture Client, CTS Device Posture Client. Access devices: Aironet AP, ISP AAA, VPN Concentrator, Catalyst Switch, IOS Router, NIC Controller (TRDP). RADIUS. Cisco Secure ACS (User, Machine, Posture). User Repository (LDAP, AD, OTP, ODBC). External Policy and Audit Servers (HCAP, GAME).]

5 How is ACS used
Our customers use ACS for:
1. Authentication and authorization (privileges) of remote users (traditional RADIUS)
2. Security of wired and wireless networks (EAP)
3. Administrators' access management to network devices and applications (TACACS+)
4. Security audit reports or account billing information
Ships in two form factors: Software and Appliance
ACS has been successful because it combines access security, authentication, user and administrator access, and policy control in a centralized identity framework

6 AAA Related Protocols
- RADIUS: Remote Authentication Dial In User Service
- TACACS+: Terminal Access Controller Access Control System
TACACS+ is supported by the Cisco family of routers and access servers. This protocol is a completely new version of the TACACS protocol referenced by RFC

7 What is RADIUS?
- A protocol used to communicate between a network device and an authentication server or database.
- Allows the communication of login and authentication information, i.e. Username/Password, OTP, etc.
- Allows the communication of arbitrary value pairs using Vendor Specific Attributes (VSAs).
- Can also act as a transport for EAP messages.
- RFC 2058
[Packet layout: UDP Header | RADIUS Header | EAP Payload]

8 How Cisco Secure ACS Operates
[Diagram labels: Variety of Authentication Methods; AAA Client (Network Access Server); TACACS+ / RADIUS; Cisco Secure ACS; Local or Variety of External Databases]
AAA Client/Server
- AAA Client defers authorization to centralized AAA server
- Highly scalable
- Uses standards-based protocols for AAA services

9 Some important points of Authentication
- The process of authentication is used to verify a claimed identity
- An identity is only useful as a pointer to an applicable policy and for accounting
- Without authorization or associated policies, authentication alone is pretty meaningless
- An authentication system is only as strong as the method of verification used

10 Network Access Control Model
[Diagram labels: Device, Access (LAN, Wireless), ACS, Request for Service (Connectivity), Backend Authentication Support, 802.1x, RADIUS, Identity Store Integration]
Protocols and Mechanism:
- Extensible Authentication Protocol (EAP, RFC 3748)
- IEEE 802.1x framework
- Use of RADIUS

11 How RADIUS is used here?
- RADIUS acts as the transport for EAP, from the authenticator (switch) to the authentication server (RADIUS server)
- RFC for how RADIUS should support EAP between authenticator and authentication server: RFC 3579
[Packet layout: IP Header | UDP Header | RADIUS Header | EAP Payload]
- RADIUS is also used to carry policy instructions back to the authenticator in the form of AV pairs
[Packet layout: IP Header | UDP Header | RADIUS Header | EAP Payload | AV Pairs]
- Usage guideline for 802.1x authenticators' use of RADIUS: RFC 3580
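The RFC 3579 encapsulation on this slide, as an added example (not from the original deck or from Cisco): a parser that reassembles the EAP packet from the EAP-Message attributes of a RADIUS Access-Request and checks the Message-Authenticator that RFC 3579 requires on such packets. The shared secret, user name and EAP-TLS filler payload are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST = 1
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge", 5: "OTP", 6: "GTC", 13: "EAP-TLS",
             17: "LEAP", 21: "EAP-TTLS", 25: "PEAP", 43: "EAP-FAST"}
SAMPLE_SECRET = b"constructed-shared-secret"  # constructed value, not a real secret


def encode_attr(attr_type, value):
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(identifier, authenticator, user, eap, secret):
    """Build an Access-Request carrying an EAP packet, as an authenticator would."""
    attrs = encode_attr(USER_NAME, user)
    # An attribute value holds at most 253 bytes, so long EAP packets are split.
    for i in range(0, len(eap), 253):
        attrs += encode_attr(EAP_MESSAGE, eap[i:i + 253])
    # Message-Authenticator is computed with its own 16-byte value zeroed.
    attrs += encode_attr(MESSAGE_AUTHENTICATOR, bytes(16))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    packet = header + authenticator + attrs
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac


def parse_radius(packet):
    """Return (code, identifier, packet, attrs); attrs are (type, value_offset, value)."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, offset = [], 20
    while offset < length:
        if offset + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[offset], packet[offset + 1]
        if attr_len < 2 or offset + attr_len > length:
            raise ValueError("bad attribute length")
        attrs.append((attr_type, offset + 2, packet[offset + 2:offset + attr_len]))
        offset += attr_len
    return code, identifier, packet[:length], attrs


def verify_message_authenticator(packet, attrs, secret):
    """Recompute HMAC-MD5 over the request with the attribute value zeroed."""
    found = [(off, val) for t, off, val in attrs if t == MESSAGE_AUTHENTICATOR]
    if len(found) != 1 or len(found[0][1]) != 16:
        return False
    off, received = found[0]
    zeroed = packet[:off] + bytes(16) + packet[off + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, received)


def extract_eap(attrs):
    """Concatenate EAP-Message attributes in order and decode the EAP header."""
    parts = [val for t, _, val in attrs if t == EAP_MESSAGE]
    eap = b"".join(parts)
    if len(eap) < 4:
        raise ValueError("no complete EAP header")
    code, ident, eap_len = struct.unpack("!BBH", eap[:4])
    if eap_len != len(eap):
        raise ValueError("EAP length does not match reassembled payload")
    # Only Request and Response packets carry a Type byte.
    eap_type = eap[4] if code in (1, 2) and eap_len > 4 else None
    return {"code": EAP_CODES.get(code, code), "id": ident,
            "type": EAP_TYPES.get(eap_type, eap_type),
            "data": eap[5:] if eap_type is not None else b"",
            "fragments": len(parts)}


def inspect_access_request(packet, secret):
    """Server-side handling: authenticate the packet first, then read the EAP payload."""
    code, _, packet, attrs = parse_radius(packet)
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    if not verify_message_authenticator(packet, attrs, secret):
        raise ValueError("Message-Authenticator missing or invalid")
    return extract_eap(attrs)


def build_sample(secret=SAMPLE_SECRET):
    """Constructed EAP-Response of type EAP-TLS with 300 filler bytes."""
    eap_data = bytes(300)
    eap = struct.pack("!BBHB", 2, 7, 5 + len(eap_data), 13) + eap_data
    return build_access_request(42, bytes(range(16)), b"alice", eap, secret)


if __name__ == "__main__":
    info = inspect_access_request(build_sample(), SAMPLE_SECRET)
    print(info["code"], info["type"], info["fragments"], len(info["data"]))
```

A packet whose attributes were altered in transit, or that was built with a different shared secret, is rejected before any EAP parsing happens.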

12 What's EAP?
- EAP: The Extensible Authentication Protocol
- A flexible protocol used to carry arbitrary authentication information, not the authentication method itself.
- Rose out of the need to reduce complexity of relationships between systems and the increasing need for more elaborate and secure authentication methods
- Typically rides directly over data-link layers such as 802.1x or PPP media.
- Originally specified in RFC 2284, obsoleted by RFC

13 What does it do?
- Transports authentication information in the form of Extensible Authentication Protocol (EAP) payloads
- A switch or access point becomes a conduit for relaying EAP received in 802.1x packets to an authentication server by using RADIUS to carry EAP information
- Establishes and manages connection; allows authentication by encapsulating various types of authentication exchanges; EAP messages can be encapsulated in the packets of other protocols, such as 802.1x or RADIUS
- Three forms of EAP are specified in the standard:
- EAP-MD5: MD5 hashed username/password
- EAP-OTP: one-time passwords
- EAP-GTC: token-card implementations requiring user input
[Packet layout: Ethernet Header | 802.1x Header | EAP Payload]

14 Current Prevalent Authentication Methods
Challenge-response-based:
- EAP-MD5: Uses MD5 based challenge-response for authentication
- LEAP: Uses username/password authentication
- EAP-MSCHAPv2: Uses username/password MSCHAPv2 challenge-response authentication
Cryptographic-based:
- EAP-TLS: Uses x.509 v3 PKI certificates and the TLS mechanism for authentication
Tunneling methods:
- PEAP: Protected EAP tunnel mode EAP encapsulator; tunnels other EAP types in an encrypted tunnel, much like web based SSL
- EAP-TTLS: Other EAP methods over an extended EAP-TLS encrypted tunnel
- EAP-FAST: Recent tunneling method designed to not require certificates at all for deployment
Other:
- EAP-GTC: Generic token and OTP authentication

15 IEEE 802.1x
802.1x is a client-server-based access control and authentication protocol that restricts unauthorized devices from connecting to a LAN through publicly accessible ports
[Diagram label: ACS - AAA Server]
1. User activates link (i.e. turns on the PC)
2. Switch asks the authentication server whether the user is authorized to access the LAN
3. Authentication server responds with authority access
4. Switch opens controlled port (if authorized) for user to access LAN

16 Features and Functions

17 Hardware/Software Platform
- ACS implements identity management and AAA services
- CD-ROM version for any Windows 2003 server
- Appliance version delivered on hardened Win2003 OS
- Highly scalable (100, users, thousands of RADIUS/TACACS+ devices) and feature-rich

18 Features Unique to the ACS Appliance
- Security-hardened underlying OS.
- Port-based packet filtering, allowing connections only to the ports necessary for Cisco Secure ACS operation.
- Serial console interface for initial configuration, subsequent management of IP connections, Web interface, and application of upgrades and remote reboots. The serial console interface supports both serial line and Telnet connections.
- SNMP read-only support to monitor the appliance from external systems.
- Backup/restore of the Cisco Secure ACS data via FTP.
- Recovery procedures.
- Network Time Protocol (NTP) support for maintaining network time consistency with other appliances or network devices.

19 ACS: The Policy Based Network Controller
ACS versions in the field:
- ACS 4.0 SW (FCS 2004) -> main feature: NAC Phase 2 (L2 Posture Validation and external audit, service based policy)
- ACS 4.1 SW (FCS 2006) -> main feature: extended logging support, new ACS administrator management, PEAP/EAP-TLS support, Japanese Microsoft Windows support
- ACS 4.2 SW (FCS 2008)

20 Service Based Policy
The administrator entirely controls the ACS behavior by configuring aggregated Service Based Policies:
- How to process an access request: do (not) authenticate / using which auth protocols / do (not) validate posture / which posture protocols
- Credential validation policies (i.e. which DB to use for auth)
- Classification: map identity to user-group, map posture credentials to posture-token
- Authorization policies: map from user-group & posture-token to RADIUS profile
Different policies can be applied to different network access. Example: wireless access vs. remote (VPN) access policy

21 ACS Features
- Automatic service monitoring, database synchronization, and importing tools for large-scale deployments
- LDAP, ODBC and OTP (RSA, others) user authentication
- Flexible 802.1X authentication support, including EAP-TLS, Protected EAP (PEAP), Cisco LEAP, EAP-FAST, and EAP-MD5
- Downloadable ACLs for any Layer 3 device, including routers, PIX firewalls, and VPNs (per user, per group)
- Network & machine access restrictions and filters
- Device command set authorization
- Detailed audit and accounting reports
- Dynamic quota generation
- User and device group profiles

22 Deployment Scenarios: Cisco Secure ACS

23 Remote User Network Access Scenario
[Diagram labels: Centralized Access Control Server; ACS View; Remote Access - VPN; Provider; ISP AAA; VPN Concentrator; Wireless User; Wireless 802.1x EAP-TLS; Aironet AP; Wired user; LAN 802.1x EAP-FAST; Catalyst Switch; IOS Router; Enterprise; RADIUS; Cisco Secure ACS; User Repository (LDAP, AD, OTP, ODBC); External Policy and Audit Servers (HCAP, GAME)]

24 Device Administration Scenario
[Diagram labels: Network Administrators; FULL ACCESS; PARTIAL; READ ONLY; Routers, Switches, APs; West-APs; Backbone; East; Security Perimeter; T+ or RADIUS; replication; ACS; Syslog, ACS or RA logging server; SERVER ACCESS: Unix DSMS; SERVER ACCESS: PBX; Terminal Server; System Access; Secure auth mechanisms]

25 GUI Interface / Screen Shots

26 Cisco Secure ACS: Accessing GUI
- Remote Administrator authentication page ( )
- Administrator must be configured prior to remote login.
- If accessed on the local system (for example, using as the IP address) this page is not displayed and the administrator gains access.

27 Cisco Secure ACS Home Page

28 NAP: Network Access Profile



More information

Executive Summary. This white paper includes the following sections: A.What Does 802.1x Do? B. An Overview of the 802.1x Standard

Executive Summary. This white paper includes the following sections: A.What Does 802.1x Do? B. An Overview of the 802.1x Standard Allied Telesis White Paper 802.1x White Paper Executive Summary Security and flexibility are often seen as mutually exclusive requirements in a network, yet both are equally important. Security is crucial

More information

Network A. Network. Network C. Network B

Network A. Network. Network C. Network B Post-IP technologies virtualization and security Guy Pujolle 1 Virtualization for a post-ip network 2 Geni Intel would like to propose a generic router Intel proposes to have a generic hardware with virtual

More information

Authentication. Authentication in FortiOS. Single Sign-On (SSO)

Authentication. Authentication in FortiOS. Single Sign-On (SSO) Authentication FortiOS authentication identifies users through a variety of methods and, based on identity, allows or denies network access while applying any required additional security measures. Authentication

More information

CompTIA Network+ N Official Cert Guide Mapping Guide to CompTIA Network+ Simulator Labs

CompTIA Network+ N Official Cert Guide Mapping Guide to CompTIA Network+ Simulator Labs CompTIA Network+ N10 005 Official Cert Guide Mapping Guide to CompTIA Network+ Simulator Labs Domain 1.0: Network Concepts 1.1 Compare the layers of the OSI and TCP/IP Models TCP/IP Model Layer Matching

More information

Cisco Virtual Office Express

Cisco Virtual Office Express . Q&A Cisco Virtual Office Express Overview Q. What is Cisco Virtual Office Express? A. Cisco Virtual Office Express is a solution that provides secure, rich network services to workers at locations outside

More information

Cisco IT Validates Rigorous Identity and Policy Enforcement in Its Own Wired and Wireless Networks

Cisco IT Validates Rigorous Identity and Policy Enforcement in Its Own Wired and Wireless Networks Cisco IT Article December 2013 End-to-End Security Policy Control Cisco IT Validates Rigorous Identity and Policy Enforcement in Its Own Wired and Wireless Networks Identity Services Engine is an integral

More information

ACC-232 2002, Cisco Systems, Inc. All rights reserved.

ACC-232 2002, Cisco Systems, Inc. All rights reserved. 1 2 Securing 802.11 Wireless Networks Session 3 Session Information Basic understanding of components of 802.11 networks Please save questions until the end 4 Agenda Drivers for Wireless Security Wireless

More information

Authentication, Authorization and Accounting (AAA) Protocols

Authentication, Authorization and Accounting (AAA) Protocols Authentication, Authorization and Accounting (AAA) Protocols Agententechnologien in der Telekommunikation Sommersemester 2009 Babak Shafieian babak.shafieian@dai-labor.de 10.06.2009 Agententechnologien

More information

"Charting the Course...

Charting the Course... Description "Charting the Course... Course Summary Interconnecting Cisco Networking Devices: Accelerated (CCNAX), is a course consisting of ICND1 and ICND2 content in its entirety, but with the content

More information

Executive Summary and Purpose

Executive Summary and Purpose ver,1.0 Hardening and Securing Opengear Devices Copyright Opengear Inc. 2013. All Rights Reserved. Information in this document is subject to change without notice and does not represent a commitment on

More information

State of Kansas. Interim Wireless Local Area Networks Security and Technical Architecture

State of Kansas. Interim Wireless Local Area Networks Security and Technical Architecture State of Kansas Interim Wireless Local Area Networks Security and Technical Architecture October 6, 2005 Prepared for Wireless Policy Committee Prepared by Revision Log DATE Version Change Description

More information

Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN)

Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN) Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN) Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4185 10-1 Virtual LANs Description: Group of devices

More information

WIRELESS SECURITY IN 802.11 (WI-FI ) NETWORKS

WIRELESS SECURITY IN 802.11 (WI-FI ) NETWORKS January 2003 January WHITE 2003 PAPER WIRELESS SECURITY IN 802.11 (WI-FI ) NETWORKS With the increasing deployment of 802.11 (or Wi-Fi) wireless networks in business environments, IT organizations are

More information

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2 BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution

More information

Cisco Wireless LAN Controller Module

Cisco Wireless LAN Controller Module Cisco Wireless LAN Controller Modules Simple and secure wireless deployment and management for small and medium-sized businesses (SMBs) and enterprise branch offices Product Overview Cisco Wireless LAN

More information

freeradius A High Performance, Open Source, Pluggable, Scalable (but somewhat complex) RADIUS Server Aurélien Geron, Wifirst, January 7th 2011

freeradius A High Performance, Open Source, Pluggable, Scalable (but somewhat complex) RADIUS Server Aurélien Geron, Wifirst, January 7th 2011 freeradius A High Performance, Open Source, Pluggable, Scalable (but somewhat complex) RADIUS Server Aurélien Geron, Wifirst, January 7th 2011 freeradius is... Multiple protocoles : RADIUS, EAP... An Open-Source

More information

Cisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release

Cisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release Cisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release PB526545 Cisco ASA Software Release 8.2 offers a wealth of features that help organizations protect their networks against new threats

More information

CISCO WIRELESS SECURITY SUITE

CISCO WIRELESS SECURITY SUITE Q&A CISCO WIRELESS SECURITY SUITE OVERVIEW What is the Cisco Wireless Security Suite? The Cisco Wireless Security Suite is an enterprise-ready, standards-based, wireless LAN (WLAN) security solution for

More information

This chapter describes how to set up and manage VPN service in Mac OS X Server.

This chapter describes how to set up and manage VPN service in Mac OS X Server. 6 Working with VPN Service 6 This chapter describes how to set up and manage VPN service in Mac OS X Server. By configuring a Virtual Private Network (VPN) on your server you can give users a more secure

More information

Security. Olga Torstensson Halmstad University. 2003, Cisco Systems, Inc. All rights reserved. FWL

Security. Olga Torstensson Halmstad University. 2003, Cisco Systems, Inc. All rights reserved. FWL Security Olga Torstensson Halmstad University 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0 8-1 Key terms WEP TKIP MIC EAP 802.1X WPA CCKM RADIUS SSH Encryption RSA RC4 (WEP) DES, 3DES, AES Cipher

More information

70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network

70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network 70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network Course Number: 70 299 Length: 1 Day(s) Course Overview This course is part of the MCSA training.. Prerequisites

More information

BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0. Administration Guide

BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0. Administration Guide BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Administration Guide SWDT487521-635336-0528040852-001 Contents 1 Overview: BlackBerry Enterprise Server... 21 Getting started in your BlackBerry

More information

CCNA Security. Chapter Two Securing Network Devices. 2009 Cisco Learning Institute.

CCNA Security. Chapter Two Securing Network Devices. 2009 Cisco Learning Institute. CCNA Security Chapter Two Securing Network Devices 1 The Edge Router What is the edge router? - The last router between the internal network and an untrusted network such as the Internet - Functions as

More information

Interconnecting Cisco Networking Devices: Accelerated Course CCNAX v2.0; 5 Days, Instructor-led

Interconnecting Cisco Networking Devices: Accelerated Course CCNAX v2.0; 5 Days, Instructor-led Interconnecting Cisco Networking Devices: Accelerated Course CCNAX v2.0; 5 Days, Instructor-led Course Description Interconnecting Cisco Networking Devices: Accelerated (CCNAX) v2.0 is a 60-hour instructor-led

More information

ClickShare Network Integration

ClickShare Network Integration ClickShare Network Integration Application note 1 Introduction ClickShare Network Integration aims at deploying ClickShare in larger organizations without interfering with the existing wireless network

More information

vwlan External RADIUS 802.1x Authentication

vwlan External RADIUS 802.1x Authentication 6ABSCG0002-29B July 2013 Configuration Guide vwlan External RADIUS 802.1x Authentication This configuration guide provides an in-depth look at external Remote Authentication Dial-In User Service (RADIUS)

More information

SSECMGT: CManaging Enterprise Security with Cisco Security Manager v4.x

SSECMGT: CManaging Enterprise Security with Cisco Security Manager v4.x SSECMGT: CManaging Enterprise Security with Cisco Security Manager v4.x Introduction The Managing Enterprise Security with Cisco Security Manager (SSECMGT) v4.0 course is a five-day instructor-led course

More information

Tim Bovles WILEY. Wiley Publishing, Inc.

Tim Bovles WILEY. Wiley Publishing, Inc. Tim Bovles WILEY Wiley Publishing, Inc. Contents Introduction xvii Assessment Test xxiv Chapter 1 Introduction to Network Security 1 Threats to Network Security 2 External Threats 3 Internal Threats 5

More information

RAD-Series RADIUS Server Version 7.1

RAD-Series RADIUS Server Version 7.1 RAD-Series RADIUS Server Version 7.1 Highly Customizable RADIUS Server for Controlling Access & Security in Wireless & Wired Networks Interlink Networks RAD-Series Authentication Authorization, and Accounting

More information

Kompetenčné centrum. Martin Jenčo martin.jenco@alefnula.sk V 1.0

Kompetenčné centrum. Martin Jenčo martin.jenco@alefnula.sk V 1.0 Kompetenčné centrum Martin Jenčo martin.jenco@alefnula.sk V 1.0 Cisco Secure ACS v5.1 Table of Contents Identity ACS v5.1 overview ACS v5.1 feature Rule-based policy model Demo Management Monitoring and

More information

Request for Proposal MDM0031012338. Offeror s Questions for RFP for Virtual Private Network Solution (VPN)

Request for Proposal MDM0031012338. Offeror s Questions for RFP for Virtual Private Network Solution (VPN) Request for Proposal MDM0031012338 Offeror s Questions for RFP for Virtual Private Network Solution (VPN) 1. How much throughput must the VPN support long-term? Answer: 10 GB firewall, 4 GB 3DES/AES VPN

More information

Interlink Networks Secure.XS and Cisco Wireless Deployment Guide

Interlink Networks Secure.XS and Cisco Wireless Deployment Guide Overview Interlink Networks Secure.XS and Cisco Wireless Deployment Guide (An AVVID certification required document) This document is intended to serve as a guideline to setup Interlink Networks Secure.XS

More information

Managing Enterprise Security with Cisco Security Manager

Managing Enterprise Security with Cisco Security Manager Course: Managing Enterprise Security with Cisco Security Manager Duration: 5 Day Hands-on Lab & Lecture Course Price: $ 3,395.00 Learning Credits: 34 Description: The Managing Enterprise Security with

More information

Cisco CCNP 642 845 Optimizing Converged Cisco Networks (ONT)

Cisco CCNP 642 845 Optimizing Converged Cisco Networks (ONT) Cisco CCNP 642 845 Optimizing Converged Cisco Networks (ONT) Course Number: 642 845 Length: 5 Day(s) Certification Exam This course will help you prepare for the following exam: Cisco CCNP Exam 642 845:

More information

Deploying iphone and ipad Virtual Private Networks

Deploying iphone and ipad Virtual Private Networks Deploying iphone and ipad Virtual Private Networks Secure access to private corporate networks is available on iphone and ipad using established industry-standard virtual private network (VPN) protocols.

More information