Security Basics mailing list archives
RE: TACACS+ vs. RADIUS
From: elias.tamas () uni-pen hu
Date: Thu, 07 Jun 2007 10:50:16 +0200
Hi. RADIUS is well accepted, FreeRadius is an open implementation, and almost everything can work with it on any device or OS. In non-homogeneous networks, RADIUS is superior to Cisco's implementation.
We are using RADIUS company-wide since, for example, most of our 3Com middleware switches do not support TACACS, as well as most of our wireless devices. In a homogeneous Cisco network it is truly the best solution, but in any other case, I doubt...
Quoting Mohamed Farid <mfarid () mscc com eg>:
Dear Nikhil :

This is really more than enough ... Thank you for your great description and support ...

Mohamed Farid ,,

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Nikhil Wagholikar
Sent: Tuesday, June 05, 2007 5:52 PM
To: security-basics () securityfocus com
Subject: Re: TACACS+ vs. RADIUS

Hello Mohamed Farid,

RADIUS is an AAA protocol; hence it supports all -- Authentication, Authorization & Accounting. I commented that RADIUS combines Authentication & Authorization -- by this I mean to say RADIUS doesn't clearly separate Authentication & Authorization method/process; by no way I meant that RADIUS doesn't support Accounting!!

As to your second query, my second point clearly specifies the same.

---------
Nikhil Wagholikar
Security Analyst

NII Consulting
Web: www.niiconsulting.com

On 6/5/07, Mohamed Farid <mfarid () mscc com eg> wrote:

Nikhil :

You mentioned that Radius supports Authentication and Authorization - what about accounting ?
If I use Radius : Can I know what commands have been added by whom ? or it's available only for TACACS ?

Mohamed Farid ,,
Telecommunication & Security Department Manager ,,,
Mediterranean Smart Cards Company ,,
92 Tahreer Street. Dokki / Cairo / Egypt
Website : www.mscc.com.eg
Email : mfarid () mscc com eg
Phone : +2 02 3331439/+2 02 3331400
Fax : +2 02 7621164
Mobile : +2 0122258350

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Nick Owen
Sent: Monday, June 04, 2007 9:09 PM
To: Nikhil Wagholikar
Cc: security-basics () securityfocus com; kkmookhey () niiconsulting com
Subject: Re: TACACS+ vs. RADIUS

Excellent points Nikhil. I would only add that if you ever want to roll-out two-factor authentication you should go with radius. While we support TACACS+, many two-factor systems do not. Plus, there are a number of good, free radius servers such as Freeradius and Microsoft's IAS server. IIRC, IAS will first validate that the user is active in AD, then proxy the auth request to a 3rd party server.

As for location, keep in mind that these protocols are encoded, but not encrypted.

hth,

Nick

--
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
irc.freenode.net: #wikid

Nikhil Wagholikar wrote:
> Hello Rlafosse,
>
> Here is a short description about differences between RADIUS & TACACS
> implementation:
>
> 1. Make:
>
> RADIUS is an Industry standard developed by Livingston.
> TACACS is CISCO proprietary.
>
> 2. Command Execution rights:
>
> RADIUS has no provision given to users as to which command that they
> can run on the router.
> TACACS has two provisions provided to user for the commands that they
> can run on the router:
> a. Based on users
> b. Based on groups
>
> 3. Protocol Support:
>
> RADIUS doesn't offer support to traditional protocols like ARA, X.25 PAD
> & NASI.
> TACACS provides support to multiple protocols.
>
> 4. AAA Segregation:
>
> RADIUS combines Authentication & Authorization.
> TACACS clearly segregates/separates Authentication, Authorization &
> Accounting.
>
> 5. Protocol Utilization:
>
> RADIUS works on UDP whereas TACACS works on TCP.
>
> 6. Encryption level:
>
> RADIUS only encrypts the password in the requested packet connection.
> TACACS encrypts the whole body of requested packet connection.
>
> So now we can clearly analyze the difference & understand that TACACS
> implementation is much secured as compared to RADIUS implementation.
>
> Happy AAA implementation.
>
> ----------
> Nikhil Wagholikar
> Security Analyst
>
> NII Consulting
> Web: www.niiconsulting.com
>
>
> On 6/2/07, Lafosse, Ricardo <rlafosse () sfwmd gov> wrote:
>> Hello all,
>> I am considering implementing either RADIUS or TACACS+ any insight or
>> experiences would be helpful. Also where would be the most beneficial
>> location to place it on my infrastructure (DMZ)?
>>
>> Cheers,
>> Ricardo
Current thread:
- TACACS+ vs. RADIUS Lafosse, Ricardo (Jun 01)
- Re: TACACS+ vs. RADIUS Nikhil Wagholikar (Jun 04)
- Re: TACACS+ vs. RADIUS Nick Owen (Jun 04)
- Re: TACACS+ vs. RADIUS Alex Nedelcu (Jun 05)
- RE: TACACS+ vs. RADIUS Mohamed Farid (Jun 05)
- Re: TACACS+ vs. RADIUS Nikhil Wagholikar (Jun 05)
- RE: TACACS+ vs. RADIUS Mohamed Farid (Jun 06)
- RE: TACACS+ vs. RADIUS elias . tamas (Jun 07)
- Re: TACACS+ vs. RADIUS Nick Owen (Jun 04)
- Re: TACACS+ vs. RADIUS Nikhil Wagholikar (Jun 04)