According to Convery, S. (2007) [1]: “RADIUS was developed by Livingston Enterprises (now part of Alcatel-Lucent) in the early 1990s, became an Internet standard through the IETF in 1997, and today is the most widely accepted AAA protocol.
Another widely adopted AAA protocol, which predates RADIUS as an RFC by four years, is the Terminal Access Controller Access Control System (TACACS). Though never an Internet standard, TACACS evolved into XTACACS and then TACACS+, the latter of which is the only version of TACACS in use today.”
A RADIUS server is one of the most popular remote access technology components. Its main functions are to:
- consolidate the login requests received by the remote network authenticator(s) within an organization,
- verify the eligibility of the remote user’s right to access inside the corporate network, and
- authenticate the user per the agreed-upon authentication methods.
The acronym AAA stands for Authentication, Authorization, and Accounting. The authentication process performs verification of a remote user’s identity, the authorization process determines what a remote user is allowed to do on the network, and the accounting process logs the user’s activities in relation to network access. These actions are activities the RADIUS server performs with other network remote access components within a corporate network environment.
RFC 2865 [2] describes in detail the authentication methods and the packet format of a RADIUS server, and RFC 2866 [3] describes a protocol for carrying accounting information between a Network Access Server and a shared Accounting Server. It should be noted that RFC 2866 does not specify an Internet standard of any kind.
TACACS+ (Terminal Access Controller Access-Control System Plus) is another popular protocol that provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. The main difference between TACACS+ and RADIUS is that TACACS+ separates the two operations, authentication and authorization, whereas they are combined within the RADIUS server. Also, TACACS+ uses TCP to communicate, while RADIUS uses UDP. (Source: Wikipedia.org) [4]
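The packet layout defined in RFC 2865, and the way a single Access-Accept reply carries authorization attributes together with the authentication result, shown as an added example that is not part of the original post. The sample packet is constructed for illustration and its authenticator field is a dummy value, not a real response authenticator.

```python
import ipaddress
import struct

# Packet codes and attribute types from RFC 2865 (subset).
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
ATTRS = {1: "User-Name", 6: "Service-Type", 8: "Framed-IP-Address", 18: "Reply-Message"}

def parse_radius(data: bytes) -> dict:
    """Parse the 20-byte RADIUS header and the type-length-value attributes."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if not 20 <= length <= 4096 or length > len(data):
        raise ValueError("Length field outside 20..4096 or beyond the datagram")
    authenticator = data[4:20]
    attrs, pos = [], 20
    while pos < length:  # octets past Length are padding and are ignored
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = data[pos], data[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((ATTRS.get(a_type, str(a_type)), data[pos + 2:pos + a_len]))
        pos += a_len
    return {"code": CODES.get(code, str(code)), "id": ident,
            "authenticator": authenticator, "attributes": attrs}

def build_sample_accept() -> bytes:
    """Constructed Access-Accept; the authenticator is 16 zero bytes (dummy)."""
    attrs = bytes([6, 6]) + struct.pack("!I", 2)  # Service-Type = Framed (2)
    attrs += bytes([8, 6]) + ipaddress.IPv4Address("192.0.2.10").packed
    attrs += bytes([18, 9]) + b"Welcome"          # Reply-Message
    return struct.pack("!BBH", 2, 42, 20 + len(attrs)) + bytes(16) + attrs

if __name__ == "__main__":
    pkt = parse_radius(build_sample_accept())
    print(pkt["code"], "id", pkt["id"])
    for name, value in pkt["attributes"]:
        print(f"  {name}: {value!r}")
```

Service-Type and Framed-IP-Address are authorization data, and they arrive in the same UDP reply that reports the authentication outcome.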
[1] Convery, S. (2007), Network Authentication, Authorization, and Accounting: Part One, The Internet Protocol Journal - Volume 10, No. 1, Available from: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_10-1/101_aaa-part1.html [Accessed 31 March 2008]
[2] Rigney, C. Ed. (2000) Request for Comments: 2865, Network Working Group, Available from: http://rfc.net/rfc2865.html [Accessed 31 March 2008]
[3] Rigney, C. (2000) Request for Comments: 2866, Network Working Group, Available from: http://rfc.net/rfc2866.html [Accessed 31 March 2008]
[4] Wikipedia, the free encyclopedia (2008) TACACS+, Available from: http://en.wikipedia.org/wiki/TACACS%2B [Accessed 31 March 2008]





