Examining Cisco AAA Security Technology

Chapter Description

This chapter examines Cisco AAA security technology, including authentication, authorization, and accounting methods, and AAA security servers.

References

The topics considered in this chapter are complex and should be studied further to more fully understand them and put them to use. Use the following references to learn more about the topics in this chapter.

Token Card Servers

Axent Technologies token server in CiscoSecure ACS for Windows NT 2.4, located at http://www.axent.com.

CRYPTOCard token-card servers information, located at http://www.cryptocard.com.

SafeWord token-card and authentication servers information, located at http://www.securecomputing.com.

SecurID ACE/Server from RSA Security information, located at http://www.rsasecurity.com.

S/Key

RFC 1760, N. Haller, "The S/Key One-time Password System," February 1995.

RFC 2289, N. Haller, C. Metz, P. Nesser, and M. Straw, "A One-Time Password System," February 1998.

Refer to the following URL for more information on S/Key: medg.lcs.mit.edu/people/wwinston/skey-overview.html.

Refer to the CiscoSecure ACS for UNIX User's Guide, in the "S/Key Authentication" and "Working with S/Key Authentication" sections, for more information on S/Key.

PPP

RFC 1661, W. Simpson, editor, "The Point-to-Point Protocol (PPP)," July 1994.

CHAP

RFC 1994, W. Simpson, "PPP Challenge Handshake Authentication Protocol (CHAP)," August 1996.

MD5

RFC 1321, R. Rivest, "The MD5 Message-Digest Algorithm," April 1992.

TACACS+

draft-grant-tacacs-02.txt, D. Carrel and L. Grant, "The TACACS+ Protocol," January 1997. This Internet draft for TACACS+, proposed to IETF by Cisco Systems, Inc., can be found at search.ietf.org/internet-drafts/draft-grant-tacacs-02.txt.

RFC 1492, C. Finseth, "An Access Control Protocol, Sometimes Called TACACS," July 1993.

RADIUS

RFC 2138, C. Rigney, A. Rubens, W. Simpson, and S. Willens, "Remote Authentication Dial In User Service (RADIUS)," April 1997.

RFC 2139, C. Rigney, "RADIUS Accounting," April 1997.

Kerberos

"How to Kerberize Your Site," a Web page maintained by Jim Rome, a senior scientist. This Web page can be found at http://www.ornl.gov/~jar/HowToKerb.html.

"The Kerberos Network Authentication Service," a Web page maintained by USC/ISI's GOST Group. It contains lots of information and links about Kerberos. This Web page is located at gost.isi.edu/info/kerberos.

"Kerberos: The Network Authentication Protocol," a Web page supplied by MIT, located at http://web.mit.edu/kerberos/www/.

RFC 1510, C. Neuman, "The Kerberos Network Authentication Service (V5)," September 1993.

USC/ISI Technical Report number ISI/RS-94-399, B. Neuman and T. Ts'o, "Kerberos: An Authentication Service for Computer Networks," September 1994. This document can be found at nii.isi.edu/publications/kerberos-neuman-tso.html.

CiscoSecure ACS Security Server and Cisco IOS Software

Cisco IOS Software Security Configuration Guide, Cisco IOS Release 12.0, October 1998.