Chapter 10. Securing the Corporate Network

This chapter contains the following sections:

• Dial-In Security

• Dial-In User Authentication, Authorization, and Accounting (AAA)

• AAA Authentication Setup with TACACS+ and RADIUS

• AAA Authorization Setup

• AAA Accounting Setup

• Using All AAA Services Simultaneously

• Virtual Private Networks (VPNs)

• Summary

Sometimes security has more to do with politics and human resources issues than with networking. The security administrator is constantly pulled between needing to maintain a reasonable level of security and allowing users the flexibility to get their work done. The administrator is faced with balancing these two often-opposing needs. How can a balance be achieved? Security policies should be looked at in the same manner as clothing. Clothing should not be so tight that it restricts movement, but it still needs to cover that which should not be revealed to the public. A suit that is too restrictive will soon be left in the closet, along with a suit that is too big in the shoulders. Like a suit, the art of building a security system must balance between being too loose and too tight.

When thinking about securing the corporate network, keep in mind the three main ways someone can try to gain access to the corporate network:

• Through the Internet

• Through dial-in access

• Through Virtual Private Networks (VPNs)

Chapter 2, “Basic Cisco Router Security,” and Chapter 5, “Cisco IOS Firewall,” discussed methods of protecting your network from the Internet. Not covered in those chapters was how to protect your network from dial-in access and VPNs coming in through the Internet. The security needs of each of these access methods are discussed in this chapter.