Dear Nikhil :
This is really more than enough ...
Thank you for your great description and support ...
Mohamed Farid ,,
-----Original Message-----
From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com]
On Behalf Of Nikhil Wagholikar
Sent: Tuesday, June 05, 2007 5:52 PM
To: security-basics_at_securityfocus.com
Subject: Re: TACACS+ vs. RADIUS
Hello Mohamed Farid,
RADIUS is an AAA protocol; hence it supports all -- Authentication,
Authorization & Accounting. I commented that RADIUS combines
Authentication & Authorization -- by this I mean to say RADIUS doesn't
clearly separate the Authentication & Authorization method/process; in no
way did I mean that RADIUS doesn't support Accounting!!
As to your second query, my second point clearly specifies the same.
---------
Nikhil Wagholikar
Security Analyst
NII Consulting
Web: www.niiconsulting.com
On 6/5/07, Mohamed Farid <mfarid_at_mscc.com.eg> wrote:
> Nikhil :
> You mentioned that Radius supports Authentication and Authorization -
> what about accounting ?
>
> If I use Radius : Can I know what commands have been added by whom ? or
> it's available only for TACACS ?
>
> Mohamed Farid ,,
> Telecommunication & Security Department Manager ,,,
>
> Mediterranean Smart Cards Company ,,
> 92 Tahreer Street. Dokki / Cairo / Egypt
> Website : www.mscc.com.eg
> Email : mfarid_at_mscc.com.eg
> Phone : +2 02 3331439/+2 02 3331400
> Fax : +2 02 7621164
> Mobile : +2 0122258350
>
> -----Original Message-----
> From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com]
> On Behalf Of Nick Owen
> Sent: Monday, June 04, 2007 9:09 PM
> To: Nikhil Wagholikar
> Cc: security-basics_at_securityfocus.com; kkmookhey_at_niiconsulting.com
> Subject: Re: TACACS+ vs. RADIUS
>
> Excellent points Nikhil. I would only add that if you ever want to
> roll-out two-factor authentication you should go with radius. While we
> support TACACS+, many two-factor systems do not. Plus, there are a
> number of good, free radius servers such as Freeradius and Microsoft's
> IAS server. IIRC, IAS will first validate that the user is active in
> AD, then proxy the auth request to a 3rd party server.
>
> As for location, keep in mind that these protocols are encoded, but not
> encrypted.
>
> hth,
>
> Nick
> --
> Nick Owen
> WiKID Systems, Inc.
> 404.962.8983
> http://www.wikidsystems.com
> Commercial/Open Source Two-Factor Authentication
> irc.freenode.net: #wikid
>
>
> Nikhil Wagholikar wrote:
> > Hello Rlafosse,
> >
> > Here is a short description about differences between RADIUS & TACACS
> > implementation:
> >
> > 1. Make:
> >
> > RADIUS is an Industry standard developed by Livingston.
> > TACACS is CISCO proprietary.
> >
> > 2. Command Execution rights:
> >
> > RADIUS has no provision given to users as to which command that they
> > can run on the router.
> > TACACS has two provisions provided to user for the commands that they
> > can run on the router:
> > a. Based on users
> > b. Based on groups
> >
> > 3. Protocol Support:
> >
> > RADIUS doesn't offer support to traditional protocols like ARA, X.25 PAD
> > & NASI.
> > TACACS provides support to multiple protocols.
> >
> > 4. AAA Segregation:
> >
> > RADIUS combines Authentication & Authorization.
> > TACACS clearly segregates/separates Authentication, Authorization &
> > Accounting.
> >
> > 5. Protocol Utilization:
> >
> > RADIUS works on UDP whereas TACACS works on TCP.
> >
> > 6. Encryption level:
> >
> > RADIUS only encrypts the password in the requested packet connection.
> > TACACS encrypts the whole body of requested packet connection.
> >
> > So now we can clearly analyze the difference & understand that TACACS
> > implementation is much more secure as compared to RADIUS implementation.
> >
> > Happy AAA implementation.
> >
> > ----------
> > Nikhil Wagholikar
> > Security Analyst
> >
> > NII Consulting
> > Web: www.niiconsulting.com
> >
> >
> > On 6/2/07, Lafosse, Ricardo <rlafosse_at_sfwmd.gov> wrote:
> >> Hello all,
> >> I am considering implementing either RADIUS or TACACS+ any insight or
> >> experiences would be helpful. Also where would be the most beneficial
> >> location to place it on my infrastructure (DMZ)?
> >>
> >> Cheers,
> >> Ricardo
Received on Jun 06 2007