Security Basics mailing list archives

RE: Cisco Secure ACS vs. Firewall


From: "Ogden, Earl" <EOgden () collegesofcc cc ca us>
Date: Thu, 24 Oct 2002 11:33:20 -0700

Good afternoon,

My 2 cents: my campus is currently evaluating Cisco ACS.  Let me start
by saying it is an excellent piece of software.  It does a full range of
triple A (authentication, audit, authorization).  We are also using it in a
Cisco LEAP/EAP mode to secure my student network and wireless from my Admin
net.  Now the issues we have seen:

1. Cost approximately 9K$ for an education site.
2. Proprietary thru and thru; requires Cisco Access point and Cisco cards,
   making it very secure.  My students in the networking classes are
   testing it continuously.
3. There is a fair bit of supervision required for ACS to do its job.  It
   not only secures the WLAN but also can secure all the network devices on
   that LAN.  Any changes made to any supported piece of LAN hardware are
   audited and authorized by the ACS.  So in our instance ACS appears to be
   "Much" more than we needed.

        Even with the above I believe the Cisco ACS is an excellent product,
it simply is an Enterprise system.  A single site is not going to tax the
system.  

My thoughts and not the college's.
Hope this helps.


Earl Ogden
Network Specialist
Regional Training Institute
Cell #: 925-382-3048
Office #: 925-930-8366 xt 8209


-----Original Message-----
From: mario.walter () bluewin ch [mailto:mario.walter () bluewin ch] 
Sent: Wednesday, October 23, 2002 2:14 AM
To: security-basics () securityfocus com
Subject: Cisco Secure ACS vs. Firewall

Hi List

We are going to set up a WLAN in a warehouse to enable the forklifters to
communicate with the warehouse management (WM) system. The company which
will install all the equipment suggested setting up a Cisco Secure ACS
for security reasons. However, I would prefer the installation of a firewall
and having a separate network segment for this WLAN, because the traffic
between the WM system and the forklifts isn't critical at all, but the
traffic on the company LAN is. So, my idea is to restrict the traffic going
through this firewall to only the needed protocols and IPs (outgoing and
incoming), to protect the rest of the company's LAN.
Any thoughts, caveats, comments?

TIA

Mario 

