Ashley Price
Community Member

Introduction

Cisco Secure ACS is a scalable, high-performance Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System (TACACS+) security server. It is the centralized control point for managing network users, network administrators, and network infrastructure resources. ACS provides a comprehensive identity-based network-access control solution. It extends network-access security by combining traditional authentication, authorization, and accounting (AAA) with policy control.

ACS supports a broad variety of Cisco and other network-access devices (NADs), also known as AAA clients:

  • Wired and wireless LAN switches and access points
  • Edge and core routers
  • Dialup and broadband terminators
  • Content and storage devices
  • Voice over IP (VoIP)
  • Firewalls
  • Virtual private networks (VPNs)

Features

Cisco Secure ACS 4.1 release provides the following features:

  • Improved Compliance Support 
    • This release contains new ACS administrator permissions to improve password management and audit reports for regulatory compliance.
      • Authentication: 
        • Forcing periodic change of administrator's password
        • Applying password structure policy
        • Forcing administrator's password change for inactive account
        • Preventing the reuse of password (password history)
        • Disabling administrator accounts for inactivity
        • Disabling administrator accounts after failed logins
        • Allowing ACS administrators to change own passwords
      • Audit and Reporting: 
        • Logging all administrative actions via Syslog, in addition to existing logging targets.
        • Controlling administrators' access to log file configuration in order to prevent the disablement of specific audit logging.
        • Adding new reports on administrator privileges
      • Authorization: 
        • Providing a read-only privilege for users and groups
  • External database support for MAC Authentication Bypass 
    • The ability to maintain MAC address lists in an external LDAP server; and map MAC addresses to user groups
  • Improved diagnostics and error messages 
    • Improved diagnostic information about certificate mismatches with HCAP and GAME servers has been added to this release. The raw dump of GAME and HCAP messages is in a readable format, and the authentication failure codes are now more intuitive.
  • PEAP/EAP-TLS Support 
    • The authenticator side of PEAP/EAP-TLS as a protocol enhancement is included in this release. This permits ACS to authenticate clients with PEAP by using EAP-TLS as the phase two inner method, and enables certificate based authentication to occur within a secure tunnel, encrypting identity information.
  • Logging and Reporting Extensions 
    • New internal mechanisms for logging have been added to this release, to create consistent log levels and improved performance. Syslog is supported and the capability to log ACS messages to remote servers that support Syslog standard is available.
  • Multiple concurrent logging destinations 
    • Log data may be sent to multiple destinations simultaneously.
  • Enhanced remote agent support for logging 
    • Reports that were previously available only locally, including log files from previous versions, can now be exposed externally; for example, audit reports can be sent to the remote agent on the appliance.
  • RADIUS AES Key Wrap Functionality 
    • This feature supports a secure, certified mode of operation, notably in a Federal Information Processing Standard (FIPS)-compliant wireless solution. RADIUS Key Wrap support with EAP-TLS authentication in ACS is another step towards satisfying the set of security requirements in Cisco's practical, deployable, and interoperable secure solutions. AES Key Wrap replaces the MD5-based hiding that standard RADIUS applies to keying material such as the MS-MPPE keys delivered to the access device after EAP authentication.
  • Cisco NAC support 
    • ACS 4.1 acts as a policy decision point in NAC deployments. By using configurable policies, it evaluates and validates the credentials that it receives from the Cisco Trust Agent (posture), determines the state of the host, and sends a per-user authorization to the network-access device: ACLs, a policy based access control list, or a private VLAN assignment.
  • Extended replication components 
    • Improved and enhanced replication components have been added to this release. Administrators now can replicate: 
      • Posture validation settings
      • Additional logging attributes
  • Audit support for MAC Authentication Bypass 
    • Audit processing has been enhanced to include MAC Authentication Bypass (MAB). MAB enables double-checking an audit request against both a MAC authentication policy and an audit policy, and combines the evaluation of the two.
  • Audit Verification of MAC Exceptions 
    • Administrators can apply MAC exceptions to NAC audit requests, which makes dual verification of endpoints possible.
  • Japanese Microsoft Windows Support 
    • New support for the Japanese version of Microsoft Windows 2003 at the service pack level is available. Only ACS for Windows supports the Japanese version of Windows 2003. The ACS Solution Engine does not support the Japanese OS.
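The "RADIUS AES Key Wrap Functionality" item above says only that AES replaces MD5. What that means in practice is shown by the following added example, which is not part of the original page and not ACS code: a Go implementation of the AES Key Wrap algorithm of RFC 3394, the primitive the RADIUS key wrap extension uses to protect transported keying material, checked against the RFC 3394 test vector. The MD5-based MS-MPPE key hiding it replaces has no integrity check of its own; with key wrap, a wrong key-encryption key (KEK) or a single flipped bit in transit fails the unwrap, because the fixed initial value is not recovered. The RADIUS attribute framing around the wrapped key is out of scope here; the function names `Wrap` and `Unwrap` are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"log"
)

// rfc3394IV is the fixed initial value of RFC 3394. Recovering it on unwrap
// is the integrity check: a wrong KEK or a modified ciphertext will not reproduce it.
var rfc3394IV = [8]byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}

// xorCounter XORs the big-endian 64-bit step counter t into a (in place).
func xorCounter(a []byte, t uint64) {
	var tb [8]byte
	binary.BigEndian.PutUint64(tb[:], t)
	for k := range a {
		a[k] ^= tb[k]
	}
}

// Wrap implements RFC 3394 AES Key Wrap of keyData under kek.
// kek must be 16, 24 or 32 bytes; keyData must be a multiple of 8 bytes and
// at least 16 bytes. The output is 8 bytes longer than keyData.
func Wrap(kek, keyData []byte) ([]byte, error) {
	if len(keyData) < 16 || len(keyData)%8 != 0 {
		return nil, errors.New("key data must be a multiple of 8 bytes and at least 16 bytes")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(keyData) / 8
	out := make([]byte, 8*(n+1)) // out[0:8] holds A, out[8i:8i+8] holds R[i] for i = 1..n
	copy(out[:8], rfc3394IV[:])
	copy(out[8:], keyData)
	var b [16]byte
	for j := 0; j <= 5; j++ {
		for i := 1; i <= n; i++ {
			r := out[8*i : 8*i+8]
			copy(b[:8], out[:8])
			copy(b[8:], r)
			block.Encrypt(b[:], b[:])              // B = AES(K, A | R[i])
			copy(out[:8], b[:8])                   // A = MSB64(B) XOR t
			xorCounter(out[:8], uint64(n*j+i))     // t = n*j + i
			copy(r, b[8:])                         // R[i] = LSB64(B)
		}
	}
	return out, nil
}

// Unwrap inverts Wrap and returns an error if the integrity check fails.
func Unwrap(kek, wrapped []byte) ([]byte, error) {
	if len(wrapped) < 24 || len(wrapped)%8 != 0 {
		return nil, errors.New("wrapped key must be a multiple of 8 bytes and at least 24 bytes")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(wrapped)/8 - 1
	buf := append([]byte(nil), wrapped...)
	var b [16]byte
	for j := 5; j >= 0; j-- {
		for i := n; i >= 1; i-- {
			r := buf[8*i : 8*i+8]
			xorCounter(buf[:8], uint64(n*j+i))     // A XOR t
			copy(b[:8], buf[:8])
			copy(b[8:], r)
			block.Decrypt(b[:], b[:])              // B = AES^-1(K, (A XOR t) | R[i])
			copy(buf[:8], b[:8])                   // A = MSB64(B)
			copy(r, b[8:])                         // R[i] = LSB64(B)
		}
	}
	if !bytes.Equal(buf[:8], rfc3394IV[:]) {
		return nil, errors.New("integrity check failed: wrong KEK or modified wrapped key")
	}
	return buf[8:], nil
}

func main() {
	// RFC 3394 section 4.1 test vector: 128-bit key data wrapped under a 128-bit KEK.
	kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
	key, _ := hex.DecodeString("00112233445566778899AABBCCDDEEFF")
	wrapped, err := Wrap(kek, key)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("wrapped:   %X\n", wrapped) // 1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5
	plain, err := Unwrap(kek, wrapped)
	fmt.Printf("unwrapped: %X err=%v\n", plain, err)
	// One bit flipped in transit: the unwrap fails instead of yielding a silently wrong key.
	tampered := append([]byte(nil), wrapped...)
	tampered[12] ^= 0x01
	_, err = Unwrap(kek, tampered)
	fmt.Println("tampered:  ", err)
}
```

The integrity property is the practical reason the feature matters for FIPS deployments: an access device that unwraps the session key with the wrong KEK, or receives a corrupted attribute, gets an error rather than a garbage key, which is exactly what the MD5-based hiding cannot offer.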