Description

The Cisco® Secure Access Control Server (CS-ACS) training course has been enhanced! This new four-day course uses typical network access and device administration scenarios to teach students how to provide and monitor secure access to their network using the Cisco Secure Access Control Server v4.2 and the Cisco Secure ACS View Server v4.0. The classroom scenarios highlight how to use the ACS and ACS View servers to secure and monitor remote VPN network access, wired / wireless 8802.1x network access, and device administration access. The course lecture and extensive hands-on lab exercises includes the principals of authentication, authorization, and accounting (AAA), RADIUS, TACACS+, Extensible Authentication Protocol (EAP), and 802.1x protocols.

Objectives

• Describe the importance of network access security and the security needs and challenges associated with a network
• Understand the features, functions, and benefits of the Cisco Secure ACS and ACS View servers
• Understand the considerations in deployment of Cisco Secure ACS and ACS View servers
• Integrate Cisco Secure ACS with external user databases, such as Windows Active Directory
• Effectively use Cisco Secure ACS to:
  • Control access to the network and to network services by remote VPN, wireless, or wired users
  • Control the authority to perform specific functions
  • Record and audit the activity of users on the network and on services
  • Restrict access to network devices to authorized network administrators or programmatic interfaces
• Configure Cisco Secure ACS and Cisco IOS Software to implement AAA features for typical scenarios: VPN Remote Access, Wired/Wireless 802.1x Network Access, and Device Administration Access
• Effectively use Cisco Secure ACS View to:
  • Collect and consolidate ACS server logs and configuration data
  • Generate access, system and entitlement reports as well as custom and favorite reports
  • Schedule (daily/weekly/monthly) in HTML, PDF, and CSV formats
  • Monitor ACS system health
  • Create real-time thresholds on specified conditions and monitor / forward alerts

After completing this four-day course, students will be able to use the Cisco Secure ACS and ACS View to implement and monitor security policies for authentication of users, authorization of activities, and accounting of network and services use.

Prerequisites

• Understanding of TCP/IP networking
• Standard AAA security concepts and terminology
• Basic understanding of security challenges facing networks
• Basic Microsoft Windows system administration
• Basic Cisco router and switch configuration (CCNA® certification equivalent)
• Basic Cisco ASA (Adaptive Security Appliance 5500 Series) or VPN concentrator configuration
• Internet Web browser use

Who Should Attend

• This course is for network administrators, network operators, and system administrators responsible for securing their networks to assure authorized access only by authenticated users, with accounting of their activities. The following are the primary audience for this course:
  • Network administrators and operators
  • System administrators

• Module 1: Introduction
  • Access Control in the Network
  • AAA Concepts / Technology (Refer to Appendix)
  • Cisco Secure ACS / ACS View Product Overviews
• Module 2: Getting Started
  • ACS Installation and Initial Configuration
  • ACS View Installation & Initial Configuration
• Module 3: Network Access Scenarios
  • Remote VPN Access Scenario
  • Wired / Wireless 802.1x Scenario
• Module 4: Device Administration Scenarios
  • Securing Device Administration using Network Access Restrictions (NAR)
  • Securing Device Administration using Privilege Levels and CLI View
  • Securing Device Administration using Command Authorization Sets
• Module 5: Other Deployment Topics
  • Scalability and Performance
  • Database Replication