ACS: Hardening best practices

Nadav · ‎10-29-2015

Hi guys,

Is there any documentation on best practices to harden an ACS 5.x (specifically 5.8) deployment? These include removing unnecessary services and such.

Thanks!

Ganesh Hariharan · ‎10-31-2015

Hi guys,
Is there any documentation on best practices to harden an ACS 5.x (specifically 5.8) deployment? These include removing unnecessary services and such. 
Thanks!

Hi Hod,

Check out the below link on ACS applicane security Hardening.

http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_installation_guide_chapter09186a0080203018.html

Hope it Helps..

-GI

Rate Helpful Posts

Nadav · ‎10-31-2015

Hi Ganesh,

Thanks for replying.

The Installation and Setup Guide for Cisco Secure ACS Appliance didn't supply any of the hardening information I'm looking for. I'm interesterd in hardening ACS via software (whether appliance or VM). This includes use of LDAP over TLS, PKI-based trust between different ACS nodes, disabling services that aren't implemented in my use case, changing default ports for protocols, whitelisting allowed protocols per access policy etc.

Most of these I know how to implemet just by looking over the config guide yet I haven't found a document which aggregates all the security-conscious options and best practicies for ACS.

vyas.nilay · ‎06-01-2016

If you are still looking for the information then try following link,

http://www.security-solutions.co.za/cisco-acs-best-practices.html#_Toc300056481

It is bit old information but one of the good information I have found.. I am still looking for some more information or may be latest one..

I will be keen to know if you have some latest information.

ta

Nilay.