Cisco Secure PIX Firewall Advanced Exam Certification Guide - Cisco press.pdf

Foundation Summary

Authentication, authorization, and accounting are three separate functions performed by AAA servers to allow access to resources. Each of these functions has a specific goal. No one is granted access of any kind until he or she is authenticated.

Authentication—Identifies the entity (user).

Authorization—Gives the user access based on his or her profile.

Accounting—Maintains a record of user access.

The Cisco PIX Firewall can maintain an internal user database or connect to an external AAA server. The PIX supports both RADIUS and TACACS+ technologies. Figure 13-14 shows the steps that the AAA server takes during the entire AAA process.

Figure 13-14 AAA Server Steps

[Figure components: Workstation, Internal Web Server, AAA Server]

Step 1: User initiates connection to Web server and is prompted for username/password.

Step 2: NAS forwards user information to AAA for user authentication.

Step 3: AAA server returns authentication and authorization to NAS.

Step 4: AAA server logs the connection (by user).

Step 5: The firewall allows the connection.

CSACS is available for both Windows NT/2000 Server and UNIX and can be configured for TACACS+ and RADIUS. The CSACS installation on Windows 2000 is an easy step-by-step (Install Wizard) installation.
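
How the three AAA functions map onto PIX commands for the flow in Figure 13-14, as an added example that is not taken from the book. It assumes PIX OS 6.x command syntax; the group tag AAASRV, both IP addresses, and the key placeholder are constructed for illustration.

```cisco
: Constructed values: group tag AAASRV, AAA server 192.0.2.10,
: internal Web server 198.51.100.80, key shown as a placeholder.

: Define the server group and the protocol it speaks (tacacs+ or radius).
aaa-server AAASRV protocol tacacs+

: The AAA server is reached through the inside interface.
: Replace <shared-key> with the key configured on the AAA server.
aaa-server AAASRV (inside) host 192.0.2.10 <shared-key> timeout 10

: Authentication (Steps 1-3): users arriving on the outside interface
: are prompted for credentials before HTTP to the Web server is passed.
aaa authentication include http outside 198.51.100.80 255.255.255.255 0.0.0.0 0.0.0.0 AAASRV

: Authorization (Step 3): the AAA server decides, per user profile,
: whether the authenticated user may use this service.
aaa authorization include http outside 198.51.100.80 255.255.255.255 0.0.0.0 0.0.0.0 AAASRV

: Accounting (Step 4): the connection is recorded against the user.
aaa accounting include http outside 198.51.100.80 255.255.255.255 0.0.0.0 0.0.0.0 AAASRV
```

Scoping the local address to the single Web server host, rather than 0.0.0.0 0.0.0.0, keeps the AAA rules limited to the resource that actually requires them.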

Chapter 13: Overview of AAA and the Cisco PIX Firewall

Q&A

As mentioned in the Introduction, the questions in this book are more difficult than what you should experience on the exam. The questions do not attempt to cover more breadth or depth than the exam; however, they are designed to make sure that you know the answer. Hopefully, these questions will help limit the number of exam questions on which you narrow your choices to two options and then guess. Be sure to use the CD and take the simulated exams.

The answers to these questions can be found in Appendix A.

1. What platforms does CSACS support?

A. Windows XP Professional

B. UNIX

C. Windows NT Workstation

D. Windows 2000 Professional

2. Why is it important to do accounting on your network?

3. What options are available to authenticate users on a PIX Firewall?

A. Local user database

B. Remote RADIUS server

C. Remote TACACS+ server

D. All of the above

4. What two technologies does the CSACS support?

5. True or false: Cut-through proxy authenticates users and then allows them to connect to anything.

6. True or false: The CSACS installation on Windows NT/2000 Server is a relatively simple Installation Wizard.

7. Which of the following are not connection types for authenticating to a PIX Firewall? (Select all that apply.)

A. Telnet

B. SSH

C. FTP

D. HTTPS

This chapter covers the following exam topics for the Secure PIX Firewall Advanced Exam (CSPFA 9E0-111):

29. Overview of AAA

20. Installation of CSACS for Windows NT/2000

31. Authentication configuration

32. Downloadable ACLs