You are on page 1of 4

Data Sheet

Cisco Secure Access Control Server 4.1
Cisco Secure Access Control Server (ACS) provides a comprehensive, identity-based access control solution for Cisco intelligent information networks. It is the integration and control layer for managing enterprise network users, administrators, and the resources of the network infrastructure.
Cisco Secure ACS is available as a rack-mountable, dedicated appliance—Cisco Secure ACS Solution Engine—or as software that runs on Windows 2000 and 2003 platforms, Cisco Secure ACS for Windows. Both products provide secure, industry-leading authentication, authorization, and accounting (AAA) services to enterprises.
®

Product Overview
With an ever-increasing number of methods for accessing networks today, security breaches and uncontrolled user access are of primary concern among enterprises. With the wide adoption of IEEE 802.11 wireless LANs and ubiquitous broadband Internet connections, security challenges exist not only at the perimeter, but also inside a network. Identity networking technologies that can mitigate these security vulnerabilities have become of prime interest to customers worldwide. Stronger forms of authentication, such as public key infrastructure (PKI) and one-time passwords (OTPs), are increasingly used to control user access to corporate resources from public networks. Network administrators look for solutions that provide flexible authorization policies that are tied to the user identity, as well as to the network access type and the security of the machine used to access the network. Lastly, the ability to centrally track and monitor the connectivity of network users is of primary importance in isolating unwanted and excessive use of valuable network resources. Cisco Secure ACS is a highly scalable, high-performance access control server that operates as a centralized RADIUS and TACACS+ server. It extends access security by combining authentication, user access, and administrator access with policy control within a centralized identity networking solution, allowing greater flexibility and mobility, increased security, and user-productivity gains. It enforces a uniform security policy for all users regardless of how they access the network. It reduces the administrative and management burden involved in scaling user and network administrator access to the network. By using a central database for all user accounts, Cisco Secure ACS centralizes the control of all user privileges and distributes them to hundreds or thousands of access points throughout the network. As an accounting service, Cisco Secure ACS provides detailed reporting and monitoring capabilities of network users' behavior and keeps a record of every access connection and device configuration change across the entire network. This feature has become extremely important for organizations in complying with Sarbanes-Oxley Act regulations. Cisco Secure ACS supports a broad variety of access connections, including wired and wireless LAN, dialup, broadband, content, storage, voice over IP (VoIP), firewalls, and VPNs. Cisco Secure ACS is an important component of the Cisco Identity-Based Networking Services (IBNS) architecture. Cisco IBNS is based on port-security standards such as 802.1x (an IEEE standard for port-based network access control) and Extensible Authentication Protocol (EAP),

All contents are Copyright © 1992–2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 1 of 4

Secure Computing. thereby limiting damage from viruses and worms. Cisco NAC is part of the Cisco Self-Defending Network initiative and is the foundation for enabling network admission control on Layer 2 and Layer 3 networks. New policy controls (such as per-user quotas. This document is Cisco Public Information. Cisco Secure ACS provides dynamic quotas for time-of-day. including Sun. Different access levels for each Cisco Secure ACS administrator-and the ability to group network devices-enable easier control and maximum flexibility to facilitate enforcement and changes of security policy administration over all the devices in a network. Cisco Secure ACS is also an important component of Cisco Network Admission Control (NAC). customers can choose to allow network access only to compliant and trusted endpoint devices (for instance. and Cisco Secure ACS configuration. Novell. Cisco Secure ACS can be used across virtually any network access server that Cisco sells (the Cisco IOS Software release must support RADIUS or TACACS+). a rackmountable. PassGo. and access-control lists [ACLs]) can be deployed within this new architecture. group profiles. With NAC. VLAN assignments. infected systems can be dynamically quarantined from the rest of the network to significantly reduce virus. and day-of-week access restrictions. network use. Cisco Secure ACS offers token server support for any OTP vendor that provides an RFC-compliant RADIUS interface (such as RSA. Cisco Secure ACS is built to support large networked environments with support for redundant servers. and database replication and backup services. Release 4. authorization. Table 1 lists the main benefits of Cisco Secure ACS. servers. All rights reserved. This innovation enables compliant system elements to report misuse emanating from rogue or infected systems during an attack. ActiveCard. Table 1. Future phases extend endpoint and network security interoperation to include dynamic incident-containment capabilities. Cisco Secure ACS is available in two options: Cisco Secure ACS Solution Engine.Data Sheet and extends security authentication.1 addresses the increased concern about compliance with the Sarbanes-Oxley Act. and Microsoft.1 provides the following new features and benefits: ● Regulatory compliance support—Cisco Secure ACS 4. Vasco. Because Cisco IOS® Software has embedded support for AAA. Cisco Secure ACS is a powerful access control server with many high-performance and scalability features for any organization growing its WAN or LAN. and accounting (AAA) from the perimeter of the network to every connection point inside the LAN. Cisco NAC is an industry initiative sponsored by Cisco that uses the network infrastructure to enforce security-policy compliance on all devices seeking to access network computing resources. Windows Active Directory support consolidates Windows user name and password management and uses the Windows Performance Monitor for real-time statistics viewing. Lightweight Directory Access Protocol (LDAP) authentication forwarding supports the authentication of user profiles stored in directories from leading directory vendors. Features and Benefits Cisco Secure ACS 4. PCs. a scalable and feature-rich software that runs on Windows platform Management Administration Product Flexibility Integration Third-Party Support Control Tight coupling with Cisco IOS routers and VPN solutions provides features such as Multichassis Multilink Point-to-Point Protocol (PPP) and Cisco IOS Software command authorization. and blended threat propagation. Thus. remote databases. because of the extended capabilities of Cisco switches and wireless access points to query Cisco Secure ACS over the RADIUS protocol. and personal digital assistants) and can restrict the access of noncompliant devices. number of logged sessions. security-hardened appliance and Cisco Secure ACS for Windows. Inc. or CryptoCard). worm. Page 2 of 4 .1 supports compliance features All contents are Copyright © 1992–2006 Cisco Systems. Benefit Ease of Use Scalability Extensibility Main Cisco Secure ACS Benefits Description A Web-based user interface simplifies and distributes configuration for user profiles.

◦ Forced administrator password change for stale account—Enforces password change when the administrator has not logged on in a specified number of days. Inc.0 (1 front. security-hardened appliance with a preinstalled Cisco Secure ACS license.1 Specifications 3. This functionality is an enhancement from current internal database MAC authentication bypass support. Syslog support—Provides the native syslog support to log data out of Cisco Secure ACS. CPU System Memory HDD Media I/O Ports Physical Dimensions (1RU) Cisco Secure ACS Solution Engine 4. your Windows server must meet the minimum hardware requirements listed in Table 3. Table 2 lists the specifications of Cisco Secure ACS Solution Engine 4. 2 rear) ● 429 (W) x 508 (D) x 42 (H) mm ● 16. ◦ ● Password history for administrators—Prevents administrators from reusing passwords. All rights reserved. The features include: ◦ Administrative constraints on log settings— Restricts administrators from disabling certain types of logging.Data Sheet associated with Cisco Secure ACS administrator permission and audit reports. Page 3 of 4 . All contents are Copyright © 1992–2006 Cisco Systems. ◦ Administrator password policy—Provides a mechanism to enforce a configurable minimum password length and mix of characters (upper/lower case.1. Table 2. System Requirements Cisco Secure ACS is available as Cisco Secure ACS for Windows and the Cisco Secure ACS Solution Engine—a 1-rack-unit (RU). ◦ Forced administrator password change at logon—Prompts the administrators to change the password at configurable time intervals. ◦ Generation of entitlement reports—Provides a report that will show all administrator privileges. 2 MB cache 1GB 80 GB SATA CD/DVD combo RS232 Serial Port.1 for Windows. Analysis.4 GHz Intel Pentium 4. numeric. This document is Cisco Public Information.67 (H) in. ● Support for Japanese version of Windows—The Cisco Technical Assistance Center (TAC) will officially support Cisco Secure ACS on Japanese Windows. and Monitoring System (MARS). ● Protected Extensible Authentication Protocol (PEAP) with Extensible Authentication Protocol Transport Layer Security (EAP-TLS)—Enables certificate-based authentication to occur within a secure tunnel. Supports standard Cisco syslog format and will integrate with Cisco Security Monitoring. punctuation). 800 MHz FSB. ● External database MAC authentication bypass—Supports the use of external LDAP database for authentication based on MAC address.9 (W) x 20 (D) x 1. 345W Rated Input Power For implementation of Cisco Secure ACS 4. 3 USB 2.

Enterprise Edition or Standard Edition Minimum of 800 x 600 (256 colors) Processor Speed Memory Hard Drive Operating System Resolution Ordering Information Cisco Secure ACS products are available for purchase through regular Cisco sales and distribution channels worldwide.cisco. 1. All rights reserved. processes. To place an order. Specification Minimum Server Specifications for Cisco Secure ACS 4. For questions about product ordering. Please refer to the Cisco Secure ACS 4. availability. Page 4 of 4 . see Cisco Technical Support Services. Inc. Cisco services help you to protect your network investment. This document is Cisco Public Information. For more information about Cisco services. including the user guide and release notes.8 GHz or faster Minimum 1 GB RAM Minimum 250 MB free disk space ● Windows 2000 Server ● Windows 2000 Advanced Server without features specific to Windows 2000 Advanced Server enabled or without Microsoft clustering service installed ● Windows Server 2003. Printed in USA C78-378331-00 12/06 All contents are Copyright © 1992–2006 Cisco Systems.com/go/acs.1 for Windows Minimum Requirement Pentium IV processor. For More Information For more information about Cisco Secure ACS products. and partners. and support contract information please contact your local account representative. These innovative programs are delivered through a unique combination of people. please visit http://www. visit the Cisco Ordering Home Page. resulting in high levels of customer satisfaction. optimize network operations.Data Sheet Table 3.1 product bulletins for Cisco Secure ACS product numbers. Service and Support Cisco offers a wide range of services programs to accelerate customer success. tools. and prepare your network for new applications to extend network intelligence and the power of your business.