
Cisco Secure ACS 4.2 for Windows - 2 Factor Authentication (2FA)

slcornish
Level 1

All,

Does anyone have any ideas on how to do 2 factor authentication in Cisco Secure ACS 4.2?

Stephanie

2 Replies

Jatin Katyal
Cisco Employee

Hi Stephanie:

Could you please elaborate on this? What exactly do you mean by two-factor authentication? Which product are we actually using (Firewall, Wireless) and what kind of protocols (RADIUS/TACACS/LDAP)? You can implement two-factor authentication through the ACS server using RSA SecurID.

The two-factor authentication I am aware of is:

PIN : Something you know
TOKEN: Something you have

Contributing to two-factor authentication.

Example: In the password field we provide PIN+TOKEN.

PIN: 1234
TOKEN: 5678

PASSCODE: 12345678

The above example is in regard to VPN authentication.

Here is one of the docs that talks about the Cisco VPN solution and two-factor authentication.

http://www.rsa.com/rsasecured/guides/solutions/CSCO_VPN_PB_0706.pdf

HTH

Regards,
Jatin


Plz rate helpful posts-

~Jatin

Jatin,

Currently we're using TACACS+ for authentication.  We

Here's a description of the requirement for 2 factor authentication:

Id - NET0431

Vulnerability Discussion

AAA network security services provide the primary framework through which a network administrator can set up access control on network points of entry or network access servers, which is usually the function of a router or access server. Authentication identifies a user; authorization determines what that user can do; and accounting monitors the network usage. Without AAA, unauthorized users may gain access and possibly control of the routers. If the router network is compromised, large portions of the network could be incapacitated with only a few commands.

Default Finding Details

AAA server does not redirect/call to a two-factor authentication server.

NET Authentication Access

Procedure: The implementation varies and a thorough review is necessary. Have the SA review and discuss their implementation. A typical AAA process includes the network system redirecting user access requests either directly to an ACE/Server or to a CiscoSecure ACS (TACACS+) server which redirects the 'authentication' request to the ACE/Server for strong authentication via user tokens (keyfobs). During the review have the SA point out the calls from the TACACS+ or Radius servers to the authentication server performing the two-factor requirement

From my understanding ACS can meet this requirement; I just need some ideas or case studies to see how it is implemented.

Stephanie