Cisco Access Control Security: AAA Administration Services
Reviewer Name: Joel E. Natt, Network and Security Administrator
As we enter the 21st century, new issues and challenges await those in the Information Technology environment. Within the few short years that have already passed, the need for more advanced and reliable security mechanisms is presented daily. As such, security has become a clear, critical need for the continued operation of any business/organization, and especially the information technology portion of the business. Brandon Carroll’s book Cisco Access Control Security: AAA Administration Services provides a detailed guide for the implementation and deployment of a security solution developed and released by Cisco Systems. Within his book, Cisco’s Access Control Security, or ACS as it is known, is detailed and presented from all aspects, including installation, configuration in various methods and daily use.
Within the book, Brandon not only focuses on the application and all the items that make Cisco’s application special, but also combines this with information on the features and components that make ACS important. He details the supporting information needed to help System and Network Administrators make educated decisions on the methods and purposes for implementing different methods of authentication, from Cisco’s proprietary TACACS+ to the IETF RADIUS protocol. Within the pages I found information on how to establish Accounting based on access groups and how to ensure different individuals are limited to select capabilities strictly based on the group they are in and the permissions that group is provided.
Even if ACS itself is not your primary purpose for this book, the initial chapters offer sufficient information on other Cisco devices, like routers and switches, to allow any individual to understand the authentication and authorization features of those devices. Brandon clearly researched these areas and provides this research to others by spending the entire chapter two (2) detailing the different commands that are affected by Authentication, Authorization and Accounting as they relate to both TACACS+ and RADIUS. This level of detail is further demonstrated within the initial section, or part, of the book when Brandon explains other RADIUS applications that are not developed by Cisco but are supported by the Cisco products.
As I read the book, it became clear that Brandon was not simply repeating what Cisco already provided on their web site, but was going beyond the documentation to provide a level of detail that would make this almost a clear-to-understand dummy’s guide to the product. In my belief, this book makes an excellent supplement to the material and is clearly a must-have for any network administrator/engineer who needs to support Cisco’s ACS product. Brandon’s ability to detail, in step-by-step procedures, everything from installation to supporting the product enhances and defines the documentation already provided by Cisco and is a clear advantage of this book. The only thing I wish I could have gotten with the book was a 90-day demo version of the product, but then again that is already available on the Cisco web site for download.