User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 47
Configuring Device Administration Policies on Firewall Devices
The Device Admin section contains pages for configuring device administration policies for firewall
devices.
This chapter contains the following topics:
• About AAA on Security Devices
• Configuring Banners
• Configuring Boot Image/Configuration Settings
• Setting the Device Clock
• Configuring Device Credentials
About AAA on Security Devices
Authentication-Authorization-Accounting (AAA) enables the security appliance to determine who a
user is (authentication), what the user can do (authorization), and what the user did (accounting). You
can use authentication alone, or with authorization and accounting. Authorization always requires a user
to be authenticated first. You can also use accounting alone, or with authentication and authorization.
Authentication-Authorization-Accounting provides an extra level of protection and control for user
access beyond access lists alone. For example, you can create an ACL that allows all outside users to
access Telnet on a server on the DMZ network. If you want to limit user access to the server but do not
always know the IP addresses of these users, you can enable AAA so that only authenticated
and/or authorized users can pass through the security appliance. (The Telnet server enforces
authentication, too; the security appliance prevents unauthorized users from attempting to access the
server.)
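The scenario above expressed as ASA CLI, as an added example that is not part of the original guide (which configures these settings through Security Manager). The ACL names, server group name, addresses and key placeholder are constructed for illustration.

```cisco
! Constructed values: 192.0.2.10 = DMZ Telnet server, 10.0.0.5 = AAA server,
! OUTSIDE_IN / TELNET_AUTH / AUTH_SRV are illustrative names.

! ACL only: any outside host may open Telnet to the DMZ server.
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq telnet
access-group OUTSIDE_IN in interface outside

! ACL plus AAA: define the server group the appliance authenticates against.
aaa-server AUTH_SRV protocol tacacs+
aaa-server AUTH_SRV (inside) host 10.0.0.5
 key <shared-secret-placeholder>

! Traffic matching TELNET_AUTH must authenticate before it is forwarded.
access-list TELNET_AUTH extended permit tcp any host 192.0.2.10 eq telnet
aaa authentication match TELNET_AUTH outside AUTH_SRV
```

The interface ACL still decides which traffic is permitted; the authentication match ACL only selects which of those permitted flows are challenged for credentials.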
• Authentication—Authentication grants access based on user identity. Authentication establishes
user identity by requiring valid user credentials, which are typically a user name and password. You
can configure the security appliance to authenticate the following items:
  – Administrative connections to the security appliance using Telnet, SSH, HTTPS/ASDM, or serial console.
  – The enable command.