8. TACACS+ Server Flashcards

1
Q

What is an Access Control Server (ACS)?

A

An ACS (Access Control Server) is a central database of usernames and passwords.

On an enterprise network we have hundreds or thousands of users who need to access multiple systems. Creating separate usernames and passwords can be unmanageable, so we can use an ACS. The router must be informed that it needs to access the ACS for authentication and authorisation.

2
Q

What are RADIUS and TACACS+?

A

There is always one of two protocols sitting between the client and the ACS (Access Control Centre). This is either RADIUS or TACACS+.

3
Q

What is AUTHENTICATION?

A

Authentication determines the identity of the client. It can be done with a username and password.

4
Q

What is AUTHORISATION?

A

Authorisation occurs after authentication and involves the assignment of privileges, e.g. the resources you can access, the tasks you can perform and how long you have access.

5
Q

What is ACCOUNTING?

A

This is the logging of user activity: what they access, when, and for how long.

6
Q

What is AAA?

A

AAA means Authentication, Authorisation and Accounting - the fundamentals of accessing a network.

7
Q

What is TACACS+?

A

TACACS+ is Terminal Access Control System Plus. It was developed by Cisco.

It uses a client-server model.
The Network Access Server (NAS) acts in the CLIENT role.

It performs AAA over a secure TCP connection on port 49.

The TACACS+ device performs server tasks.

While RADIUS combines the authentication and authorisation processes, TACACS+ separates them.

The NAS or NAD communicates with the TACACS+ server to obtain the username by using the CONTINUE message.

The NAD then contacts the TACACS+ server to obtain the password.
The TACACS+ server will respond with an ACCEPT message if the credentials are valid, or a REJECT message if they are invalid.
If the server is not working properly then an ERROR message is sent.

In terms of accounting, the client will send a REQUEST message and the TACACS+ server replies with an ACCEPT message.

8
Q

What are the advantages of TACACS+ over RADIUS?

A
  • More control than RADIUS
  • All AAA packets are encrypted (unlike RADIUS, where only the password packets are encrypted)
  • Uses TCP rather than UDP for communication
9
Q

What are the disadvantages of TACACS+?

A
  • It is proprietary to Cisco so can only be used with Cisco equipment
  • Less accounting support than RADIUS
10
Q

What is the only TACACS+ packet that is not encrypted?

A

Packets are encrypted except for the TACACS+ header.

11
Q

What does the TACACS+ header contain?

A

The header includes:
  • the version number
  • the sequence number
  • the session ID