News Release

Cisco Introduces Centralized Security Server for Enterprise Customers and Service Providers

CiscoSecure Server Offers Authentication, Authorization and
Jan 30, 1996

CiscoSecure Server Offers Authentication, Authorization and Accounting

SAN JOSE, Calif., -- January 30, 1996 -- Cisco Systems, Inc. today introducedCiscoSecure server, the first centralized security server to integrateauthentication, authorization and accounting (AAA). Developed withChesapeake Computer Consultants, Inc.(CCCI) of Annapolis, Maryland, theCiscoSecure server will help network managers improve security and controlin supporting applications such as telecommuting and Internet access. Thecombination of all three security functions permits network administratorsat medium-to-large enterprises and Internet Service Providers (ISPs) topurchase a fully supported, off-the-shelf product to centrally controlnetwork access, as well as to provide accounting for security audits andbilling.

"This announcement is a breakthrough for security managers of enterprisenetworks and ISP installations," said Ian Pennell, director, Access ServerDivision in Cisco's Access Business Unit. "Network security is critical forthe growing base of telecommuters all over the world. CiscoSecure givesnetwork managers the tool they need to prevent unauthorized access,establish different user classes, and provide accounting information forsecurity audits and billing."

AAA: Addressing Key Security Requirements

As telecommuting and Internet access grow, demand for secure access and newbilling methods continues to increase. Customers can satisfy these criticalneeds by adopting CiscoSecure, a product that features integrated AAAcomponents for maximum security. For authenticating users, CiscoSecure usesthe traditional user name and a fixed password method, as well as the moresophisticated one-time password method, such as those supported by theChallenge Handshake Authentication Protocol (CHAP) and S/Key. The nextrelease of CiscoSecure will also support token cards for additionalsecurity capabilities. Security managers can keep passwords fresh by usingCiscoSecure's password aging feature, which provides users with a warningmessage regarding password expiration. When users change their passwords,CiscoSecure also rejects easily guessed passwords, preventing attacks frompassword cracking programs.

For authorization control, network managers can specify time of day and dayof week access permission for block-out periods. They can also stipulatestart and end account dates. Authorization service support is included forEXEC, Point-to-Point Protocol (PPP) over IP/IPX, Serial Line InternetProtocol (SLIP), and Appletalk Remote Access Protocol (ARAP).

For service providers, an accounting component determines utilization,simplifies and ensures the accuracy of usage billing and provides relevantdata for security audits. For instance, CiscoSecure logs all billingdetails, including an event identification number, start time/stop time,total connection time, and user identifications. In addition, all log filescan be read by most database packages for billing information, securityaudits and report generation.

CiscoSecure Based on Leading TACACS+ SecurityProtocol for Centrally Controlled Optimal Security

CiscoSecure is the server portion of a distributed security solution thatis based on the TACACS+client/server protocol. ThroughCisco's implementation of TACACS+, including several enhancements, networkadministrators can centrally control access to their private networks, aswell as control access to the management of routers within the network.TACACS+ also works with the CiscoInternetwork Operating System (CiscoIOS(tm)) software to authenticate users as they attempt to dial in, viaISDN or a modem, to the network or execute a privilege function.

Via Cisco's implementation of TACACS+, which stores all securityinformation in a single database, network managers can easily managemultiple access security servers from a central location. As networks grow,a centralized security server becomes the only way to effectively managesecurity. With some other security server products, network managers mustmodify each network access server within the network. TACACS+ encryptscommunications between access servers and CiscoSecure, including passwords,user names, authorization levels, and accounting information.

Founded in 1990, Chesapeake Computer Consultants, Inc. (CCCI) providesadvanced networking and computer systems expertise to the government andFortune 500 companies. Its clients include Cisco Systems, Inc., the U.S.Census Bureau, the Army Research Laboratory, and Wall Street financialfirms. CCCI is a Certified Cisco Training Partner and is based inAnnapolis, Maryland. For more information about CCCI, please call (410)280-8840 or visit CCCI's Web site at


CiscoSecure is scheduled to be available in the first quarter of 1996.

About Cisco

Cisco Systems, Inc. (NASDAQ:CSCO) is the leading globalsupplier ofinternetworking solutions,including routers, LAN and ATM switches, dial-upaccess servers, and network management software. These products, integratedby the Cisco IOS software , linkgeographically dispersed LANs, WANs and IBMnetworks. Cisco Systems news and product/service information are availableat World Wide Web site Cisco Systems is headquarteredin San Jose, Calif.

Posted: Jan 26 10:06:50 1996