VPN Concentrator 3000 using TOKEN for security enhancement

Posted by zillah on December 13, 2006, 7:17 am

At work we have got a Cisco VPN 3000 concentrator currently running. I
have been assigned to write a document about enhancing the VPN security
by using TOKEN; I have not been given any further information.

I have done an intensive search, but I could not get something that I
can start with.

Any guide will be appreciated.


--
zillah


Posted by stephen on December 17, 2006, 10:43 am
>
> At work we have got a Cisco VPN 3000 concentrator currently running. I
> have been assigned to write a document about enhancing the VPN security
> by using TOKEN; I have not been given any further information.

find some docs about the tokens you will use.

at work we use SecurID (RSA?), with ACE server as the central
authentication system.

AFAIR the VPN 3000 can talk directly, but every system i have seen uses a
TACACS or RADIUS server as a translator. We use the Cisco one, but there are
several alternatives.

So VPN server -> TACACS -> ACE server.
>
> I have done an intensive search, but I could not get something that I
> can start with.

look for the cisco docs for the 3000 - they should lead you straight to the
info you need.
>
> Any guide will be appreciated.

try this for some idea of how to do this stuff properly:
http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns128/networking_solutions_white_paper09186a00804cc4fa.shtml

--
Regards

stephen_hope@xyzworld.com - replace xyz with ntl



Posted by zillah on December 17, 2006, 11:13 am

> find some docs about the tokens you will use.
I have to recommend one. I have seen that a lot of organizations are using
SecurID RSA, therefore I am going to recommend this one as well.

> TACACS or RADIUS server as a translator. We use the Cisco one, but there
> are
We also use the Cisco one, which is called Cisco Secure Access Control
Server (Cisco Secure ACS V3.3), which uses the RADIUS or TACACS+ protocols.

> AFAIR the VPN 3000 can talk directly,
You meant to say the VPN 3000 can talk directly to RSA ACE/Server, without
using any translator such as Cisco Secure Access Control Server, for
instance, didn't you?

> but every system i have seen uses a TACACS or RADIUS server as a
> translator.
This is what I have seen as well. I do not know why!
http://www.netcraftsmen.net/welcher/papers/aaabasics01.html
> Cisco network devices generally know *how to talk* TACACS+ or RADIUS to
> ACS, and *then* Cisco Secure Access Control Server (Cisco Secure ACS,
> V3.3 or V4.0 ) talks to your Active Directory, LDAP, or other
> *authentication database*.


--
zillah


Posted by stephen on December 17, 2006, 4:48 pm
>
> > find some docs about the tokens you will use.
> I have to recommend one. I have seen that a lot of organizations are using
> SecurID RSA, therefore I am going to recommend this one as well.
>
> > TACACS or RADIUS server as a translator. We use the Cisco one, but there
> > are
> We also use the Cisco one, which is called Cisco Secure Access Control
> Server (Cisco Secure ACS V3.3), which uses the RADIUS or TACACS+ protocols.
>
> > AFAIR the VPN 3000 can talk directly,
> You meant to say the VPN 3000 can talk directly to RSA ACE/Server, without
> using any translator such as Cisco Secure Access Control Server, for
> instance, didn't you?
>
> > but every system i have seen uses a TACACS or RADIUS server as a
> > translator.
> This is what I have seen as well. I do not know why!
> http://www.netcraftsmen.net/welcher/papers/aaabasics01.html
> > Cisco network devices generally know *how to talk* TACACS+ or RADIUS to
> > ACS, and *then* Cisco Secure Access Control Server (Cisco Secure ACS,
> > V3.3 or V4.0 ) talks to your Active Directory, LDAP, or other
> > *authentication database*.

you can get some architecture papers from RSA about how to do this - they
have some integration suggestions for the Cisco VPN 3000 on their web site.

it states that the VPN3000 supports "native" SecurID / ACE server and can
integrate directly, or via RADIUS.

you need to register on their site to access the info.
--
Regards

stephen_hope@xyzworld.com - replace xyz with ntl




Posted by Vin on December 17, 2006, 5:45 pm

zillah wrote:

> At work we have got a Cisco VPN 3000 concentrator currently running. I
> have been assigned to write a document about enhancing the VPN security
> by using TOKEN; I have not been given any further information.
>
> I have done an intensive search, but I could not get something that I
> can start with.
>
> Any guide will be appreciated.

Steve mentioned RSA's SecurID as a popular option. The RSA SecurID
Ready Implementation Guide for the Cisco VPN 3000 Concentrator Series
is available from the RSA website at:
<http://rsasecurity.agora.com/rsasecured/guides/imp_pdfs/Cisco_VPN3K_47_AuthMan61.pdf>.

Adding strong user authentication (2-factor authentication, as in
TOKEN) to a VPN is considered an enhancement because the VPN itself
can only validate the machines it links to -- whereas 2FA authenticates
an active human individual, and directly associates him or her with the
message traffic or transaction.

Hope this helps.

_Vin

