Security Basics mailing list archives
RE: TACACS+ vs. RADIUS
From: "Mohamed Farid" <mfarid () mscc com eg>
Date: Tue, 5 Jun 2007 14:09:12 +0300
Nikhil : You mentioned that Radius supports Authentication and Authorization - what about accounting ? If I use Radius : Can I know what commands have been added by whom ? or it's available only for TACACS ? Mohamed Farid ,, Telecommunication & Security Department Manager ,,, Mediterranean Smart Cards Company ,, 92 Tahreer Street. Dokki / Cairo / Egypt Website : www.mscc.com.eg Email : mfarid () mscc com eg Phone : +2 02 3331439/+2 02 3331400 Fax : +2 02 7621164 Mobile : +2 0122258350 -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Nick Owen Sent: Monday, June 04, 2007 9:09 PM To: Nikhil Wagholikar Cc: security-basics () securityfocus com; kkmookhey () niiconsulting com Subject: Re: TACACS+ vs. RADIUS Excellent points Nikhil. I would only add that if you ever want to roll-out two-factor authentication you should go with radius. While we support TACACS+, many two-factor systems do not. Plus, there are a number of good, free radius servers such as Freeradius and Microsoft's IAS server. IIRC, IAS will first validate that the user is active in AD, then proxy the auth request to a 3rd party server. As for location, keep in mind that these protocols are encoded, but not encrypted. hth, Nick -- Nick Owen WiKID Systems, Inc. 404.962.8983 http://www.wikidsystems.com Commercial/Open Source Two-Factor Authentication irc.freenode.net: #wikid Nikhil Wagholikar wrote:
Hello Rlafosse, Here is a short description about differences between RADIUS & TACACS implementation: 1. Make: RADIUS is a Industry standard developed by Livingston. TACACS is CISCO proprietory. 2. Command Execution rights: RADIUS has no provision given to users as to which command that they can run on the router. TACACS has two provisions provided to user for the commands that they can run on the router: a. Based on users b. Based on groups 3. Protocol Support: RADIUS doesn't offer support to traditional protocols like ARA, X.25
PAD
& NASI. TACACS provides support to multiple protocols. 4. AAA Segregation: RADIUS combines Authentication & Authorization. TACACS clearly segregates/separates Authentication, Authorization & Accounting. 5. Protocol Utilization: RADIUS works on UDP whereas TACACS works on TCP. 6. Encrption level: RADIUS only encrypts the password in the requested packet connection. TACACS encrypts the whole body of requested packet connection. So now we can clearly analyze the difference & understand that TACACS implementation is much secured as compared to RADIUS implementation. Happy AAA implementation. ---------- Nikhil Wagholikar Security Analyst NII Consulting Web: www.niiconsulting.com On 6/2/07, Lafosse, Ricardo <rlafosse () sfwmd gov> wrote:Hello all, I am considering implementing either RADIUS or TACACS+ any insight or experiences would be helpful. Also where would be the most beneficial location to place it on my infrastructure (DMZ)? Cheers, Ricardo
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * This e-mail (including attachments) is classified as Mediterranean Smart Cards Company confidential and proprietary information The recipient hereby is committed to hold in strict confidence the contents of this (e-mail, document, and information) and not to disclose to any third party without the prior written consent of Mediterranean Smart Cards Company. Recipient will be held liable for any unauthorized disclosure. It is intended solely for the addressee. Unless you are the addressee, you may not read, copy, use or store this e-mail in any way, or permit others to. If you have received it in error, please notify the sender by return e-mail and delete the message in its entirety, including any attachments * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Current thread:
- TACACS+ vs. RADIUS Lafosse, Ricardo (Jun 01)
- Re: TACACS+ vs. RADIUS Nikhil Wagholikar (Jun 04)
- Re: TACACS+ vs. RADIUS Nick Owen (Jun 04)
- Re: TACACS+ vs. RADIUS Alex Nedelcu (Jun 05)
- RE: TACACS+ vs. RADIUS Mohamed Farid (Jun 05)
- Re: TACACS+ vs. RADIUS Nikhil Wagholikar (Jun 05)
- RE: TACACS+ vs. RADIUS Mohamed Farid (Jun 06)
- RE: TACACS+ vs. RADIUS elias . tamas (Jun 07)
- Re: TACACS+ vs. RADIUS Nick Owen (Jun 04)
- Re: TACACS+ vs. RADIUS Nikhil Wagholikar (Jun 04)