Enhanced security for network hardware and services via ACS/TACACS+


Quick View
Summary: 

Improve and standardize Authorization, Authentication and Accountability of access to network hardware and other services. Additionally, provide the ability to restrict or grant access to Network Hardware and services based on roles and responsibilities.

Start Date: 
November 25, 2008
Go Live: 
July 15, 2009
End Date: 
July 24, 2009
Current Milestone: 
Determine feasibility of using ASURITE ids in conjunction with Cisco on ACS (Open Systems) April 24, 2009
Stage: 
On hold
People
Sponsor/Champion: 
Adrian Sannier, Vice President and University Technology Officer
Project Manager: 
Mike Brown
Contact for more information: 
Duane.Woerman@asu.edu
Associate VP University Technology: 
Bob Nelson
University Technology Director: 
Dave McKee
More Info
Source: 
Internal
Priority: 
Medium
Scope: 

Authentication, Authorization and Accountability for network communication hardware and network services. The project will upgrade the current TACACS (Terminal Access Controller Access Control System). 

All Milestones and Schedule: 
  • Get project approval (Complete)
  • Develop project plan and timeline. January 27, 2009 (Complete)
  • Determine Resources, Tasks and Schedule. February 6, 2009 (Complete)  
  • Determine platform for ACS software installation (NetCom)  March 1, 2009 (Complete)
  • Acquire two copies of Cisco Access Control Server (ACS) software version 4.1 for Windows to support Terminal Access Controller Access Control System (TACACS) (NetCom) March 1, 2009 (Complete)
  • Install one server in Old Main and the second server in Data Center (UTO Facilities) March 1, 2009 (Complete).
  • Install ACS 4.1 software on Data Center server (Open Systems) March 1, 2009 (Complete)
  • Determine feasibility of using ASURITE ids in conjunction with Cisco on ACS (Open Systems) April 24, 2009
  • Install ACS 4.1 software on Old Main server (Open Systems) April 24, 2009 
  • Configure RADIUS authentication between ASURITE and ACS/TACACS+ (Open Systems) April 30, 2009
  • Develop list of users and access requirements (NetCom) April 30, 2009 
  • Test ACS/TACACS+ and RADIUS ASURITE authentication (NetCom, Open Systems) May 15, 2009
  • Change configuration on all network hardware external to the data center to utilize ACS/TACACS+ (NetCom) May 30, 2009
  • Establish network management VLAN throughout the data center network* (NetCom) June 30, 2009
  • Change configuration on all network hardware internal to the data center to utilize ACS/TACACS+ (NetCom) July 15, 2009
  • Go Live July 15, 2009  
Deliverables: 
  • Improve and standardize Authorization, Authentication and Accountability of access to network hardware Internet Operating System (IOS) and other services. 
  • Implementation of ability to restrict or grant access to Network Hardware and services via IOS/Command Line Interface based on roles and responsibilities.
  • Implementation of ability to leverage the existing ASURITE security process.
Risk & Threats: 

Staff resources
Project prioritization among other UTO projects
