I'm trying to find out how the communication between Cisco ACS 4 and AD (Windows server) is secured. I've looked through tons of documentation, but there seems to be little mention of how traffic between the ACS and the external database is secured. The problem we face is that we do not completely trust the network between the ACS and our AD, and it would be a bad thing if the user name and password were sent in the clear.
You can enable a secure socket layer (SSL) for administrative sessions. This method ensures that all communication between the web browser and ACS is encrypted. Your browser must support SSL. You can enable this feature on the Access Policy Setup page in the Administration Control section.
But I think you misunderstood my question. The communication between browsers and ACS is secured today by using SSL (as you described), but how is the traffic protected between the ACS server and any external databases that the ACS needs to communicate with? One example would be when the ACS verifies that a user's credentials are equal in the ACS internal database and AD. Does this traffic travel unencrypted over the network? If so, then it would be easy for malicious insiders to sniff the traffic and collect passwords and usernames.