
Top Down Network Design Chapter 10, Design Scenario The WVCC case study in this


Question

Top Down Network Design

Chapter 10, Design Scenario

The WVCC case study in this chapter left some design decisions to the reader. In particular, the case study doesn’t mention actual product selections made by the network designers. Making these selections is your job. Read through the case study and answer the following questions.

Please answer:

To accomplish user authentication for the private WLAN, WVCC’s IT department
will purchase a dedicated one-RU hardened appliance that will operate as a central-
ized RADIUS server. Do some Internet research to find such a server that will meet
WVCC’s needs and write two or three paragraphs about the product and why you
chose it.

Explanation / Answer

Wireless LAN (WLAN) Controller (WLC) to support an Internal web authentication.

Web authentication is a Layer 3 security feature that causes the controller to not allow IP traffic (except DHCP and DNS-related packets) from a particular client until that client has correctly supplied a valid username and password. It is a simple authentication method without the need for a supplicant or client utility. Web authentication is typically used by customers who want to deploy a guest-access network. Typical deployments can include "hot spot" locations such as T-Mobile or Starbucks.

Keep in mind that web authentication does not provide data encryption. Web authentication is typically used as simple guest access for either a "hot spot" or campus atmosphere where the only concern is the connectivity.

Security breaches and uncontrolled user access are of primary concern among enterprises and are increasing these days. So, stronger forms of authentication, such as public key infrastructure (PKI) and one-time passwords (OTPs), which are increasingly used to control user access to corporate resources from public networks, are needed.

Cisco Secure ACS is a highly scalable, high-performance access control server that operates as a centralized RADIUS and TACACS+ server. It extends access security by combining authentication, user access, and administrator access with policy control within a centralized identity networking solution, allowing greater flexibility and mobility, increased security, and user-productivity gains.

Main Cisco Secure ACS Benefits

| Benefit | Description |
| --- | --- |
| Ease of Use | A Web-based user interface simplifies and distributes configuration for user profiles, group profiles, and Cisco Secure ACS configuration. |
| Scalability | Cisco Secure ACS is built to support large networked environments with support for redundant servers, remote databases, and database replication and backup services. |
| Extensibility | Lightweight Directory Access Protocol (LDAP) authentication forwarding supports the authentication of user profiles stored in directories from leading directory vendors, including Sun, Novell, and Microsoft. |
| Management | Windows Active Directory support consolidates Windows user name and password management and uses the Windows Performance Monitor for real-time statistics viewing. |
| Administration | Different access levels for each Cisco Secure ACS administrator, and the ability to group network devices, enable easier control and maximum flexibility to facilitate enforcement and changes of security policy administration over all the devices in a network. |
| Product Flexibility | Because Cisco IOS® Software has embedded support for AAA, Cisco Secure ACS can be used across virtually any network access server that Cisco sells (the Cisco IOS Software release must support RADIUS or TACACS+). Cisco Secure ACS is available in two options: Cisco Secure ACS Solution Engine, a rack-mountable, security-hardened appliance, and Cisco Secure ACS for Windows, a scalable and feature-rich software that runs on the Windows platform. |
| Integration | Tight coupling with Cisco IOS routers and VPN solutions provides features such as Multichassis Multilink Point-to-Point Protocol (PPP) and Cisco IOS Software command authorization. |
| Third-Party Support | Cisco Secure ACS offers token server support for any OTP vendor that provides an RFC-compliant RADIUS interface (such as RSA, PassGo, Secure Computing, ActiveCard, Vasco, or CryptoCard). |
| Control | Cisco Secure ACS provides dynamic quotas for time-of-day, network use, number of logged sessions, and day-of-week access restrictions. |

Features and Benefits

Cisco Secure ACS 4.1 provides the following new features and benefits:

• Regulatory compliance support: Cisco Secure ACS 4.1 addresses the increased concern about compliance with the Sarbanes-Oxley Act. Release 4.1 supports compliance features associated with Cisco Secure ACS administrator permission and audit reports. The features include:

– Administrative constraints on log settings: Restricts administrators from disabling certain types of logging.

– Forced administrator password change at logon: Prompts the administrators to change the password at configurable time intervals.

– Administrator password policy: Provides a mechanism to enforce a configurable minimum password length and mix of characters (upper/lower case, numeric, punctuation).

– Forced administrator password change for stale account: Enforces password change when the administrator has not logged on in a specified number of days.

– Generation of entitlement reports: Provides a report that will show all administrator privileges.

– Password history for administrators: Prevents administrators from reusing passwords.

• Syslog support: Provides the native syslog support to log data out of Cisco Secure ACS. Supports standard Cisco syslog format and will integrate with Cisco Security Monitoring, Analysis, and Monitoring System (MARS).

• External database MAC authentication bypass: Supports the use of external LDAP database for authentication based on MAC address. This functionality is an enhancement from current internal database MAC authentication bypass support.

• Protected Extensible Authentication Protocol (PEAP) with Extensible Authentication Protocol Transport Layer Security (EAP-TLS): Enables certificate-based authentication to occur within a secure tunnel.

• Support for Japanese version of Windows: The Cisco Technical Assistance Center (TAC) will officially support Cisco Secure ACS on Japanese Windows.
