Managing Cisco Network Security / Edition 2

Paperback (Print)


An in-depth knowledge of how to configure Cisco IP network security is a MUST for anyone working in today's internetworked world.
"There's no question that attacks on enterprise networks are increasing in frequency and sophistication..." - Mike Fuhrman, Cisco Systems Manager, Security Consulting
Managing Cisco Network Security, Second Edition offers updated and revised information covering many of Cisco's security products that provide protection from threats, detection of network security incidents, measurement of vulnerability and policy compliance, and management of security policy across an extended organization. These are the tools that network administrators have to mount defenses against threats. Chapters also cover the improved functionality and ease of the Cisco Secure Policy Manager software used by thousands of small-to-midsized businesses, and a special section covers the Cisco Aironet Wireless Security Solutions.

Security from a real-world perspective
Key coverage of the new technologies offered by Cisco, including the 500 series of Cisco PIX Firewall, Cisco Intrusion Detection System, and the Cisco Secure Scanner
Revised edition of a text popular with CCIP (Cisco Certified Internetwork Professional) students
Expanded to include separate chapters on each of the security products offered by Cisco Systems

This edition offers updated and revised information covering many of Cisco's security products that provide protection from threats, detection of network security incidents, and management of security policy.


Product Details

  • ISBN-13: 9781931836562
  • Publisher: Elsevier Science
  • Publication date: 4/1/2002
  • Edition description: 2ND
  • Edition number: 2
  • Pages: 788
  • Product dimensions: 1.54 (w) x 7.44 (h) x 9.69 (d)

Table of Contents

Chapter 1 Introduction to IP Network Security
Chapter 2 What Are We Trying to Prevent?
Chapter 3 Cisco PIX Firewall
Chapter 4 Traffic Filtering in the Cisco Internetwork Operating System
Chapter 5 Network Address Translation/Port Address Translation
Chapter 6 Cryptography
Chapter 7 Cisco LocalDirector and DistributedDirector
Chapter 8 Virtual Private Networks and Remote Access
Chapter 9 Cisco Authentication, Authorization, and Accounting Mechanisms
Chapter 10 Cisco Content Services Switch
Chapter 11 Cisco Secure Scanner
Chapter 12 Cisco Secure Policy Manager
Chapter 13 Intrusion Detection
Chapter 14 Network Security Management
Chapter 15 Looking Ahead: Cisco Wireless Security


Authentication, authorization, and accounting (AAA) is an architectural framework for providing the independent but related functions of authentication, authorization, and accounting, and is critical to providing secure remote access to both network devices and resources. The AAA framework typically consists of both a client and a server. The AAA client (for example, a router or network access server (NAS)) requests authentication, authorization, and/or accounting services from a AAA server (for instance, a Unix or Windows server with appropriate software) that maintains databases containing the relevant AAA information.

Typically, an AAA framework is effective in three ways:

1. It provides centralized authentication for the administration of a large number of routers. An example is a small- to medium-sized business that has a relatively high ratio of routers to network administrators. Centralized authentication would ease the administrative burden of the routers, but because the number of administrators is low, centralized authorization and accounting would not be beneficial.
2. It provides flexible authorization capabilities. An example is a global enterprise that has a large number of both routers and administrators. Administrative duties might be divided along operational and configuration lines such that the implementation of centralized authorization would be an effective addition to centralized authentication.
3. It provides relevant usage or billing information. An example is a service provider that charges customers based on network usage statistics. In this case, the centralized authentication and authorization would be an effective means of supporting the router and NAS administration, while centralized accounting would provide the business with network usage information for billing.

Examples of AAA occur in everyday life outside of computers and Cisco devices. For instance, when you go to an ATM to withdraw money, you must first insert your bank card and enter your personal identification number (PIN). At this point, you are authenticating yourself as someone who has the authority to withdraw money. If both your card and PIN are valid, you are successfully authenticated and can continue the task of withdrawing money. If you have entered an incorrect PIN, or your card has been damaged (or stolen) and the criteria cannot be validated, you will not be able to continue. Once authenticated, you will be permitted to perform certain actions, such as withdrawing, depositing, checking your balance on various accounts, and so on. Based on your identity (your bank card and your PIN), you have been preauthorized to perform certain functions, which include withdrawing your hard-earned money. Finally, once you have completed the tasks that you are authorized to perform, you are provided with a statement describing your transactions, as well as the remaining balance in your account. The bank will also record your transactions for accounting purposes.

This chapter provides an overview of AAA and its benefits, a description of the RADIUS, TACACS+, and Kerberos security protocols, and a discussion (with examples) of how to configure each of the AAA services on Cisco IOS devices.

Cisco AAA Overview
AAA is comprised of the three independent but related functions of authentication, authorization, and accounting, defined in the following:
· Authentication is the process of identifying and authenticating a user prior to allowing access to network devices and services. User identification and authentication is critical for the accuracy of the authorization and accounting functions.
· Authorization is the process of determining a user’s privileges and access rights after they have been authenticated.
· Accounting is the process of recording user activities for accountability, billing, auditing, or reporting purposes.

In some cases, it may not be necessary to implement all AAA mechanisms. For example, if a company simply wishes to authenticate users when they access a certain resource, authentication would be the only element needed. If a company wishes to create an audit trail to reference which users logged in to the network at what times, authentication and accounting will be needed. Typically, AAA is used in remote access scenarios such as end users dialing into an ISP to access the Internet, or dialing into their company LAN to access resources. Figure 9.1 illustrates a common implementation of AAA.