RADIUS and TACACS+ Flashcards

1
Q

Enterprise Access on a Network

A

Hundreds/thousands of users on a network

Cisco ACS (Access Control Server) - central database of usernames and passwords
RADIUS and TACACS+ = the two protocols that sit between a client and the AP (access point)

2
Q

Security for Access Network

A

AAA - Authentication, Authorisation and Accounting (the basic fundamentals for accessing a network)
- Authentication determines the identity of the client (achieved using a username and password)
- Authorisation involves the assignment of privileges: the resources and services you may access, the tasks you can perform and for how long you have access
- Accounting - logging user activity: what the user accesses and for how long

3
Q

Authentication

A

WPA/WPA2 Personal - Pre-Shared Key (PSK)

WiFi Protected Setup (WPS)
- AKA WiFi Simple Config
- 2006 - WiFi Alliance

WPA/WPA2 Enterprise
- Individual login and password
- RADIUS (Remote Authentication Dial In User Service) server

Found in large organisations where many users connect over a wireless network.
No shared key has to be rotated, because each user is authenticated based on his/her own username and password.
A master key is then exchanged, which allows network admins to control who has access to the wireless network.
Since every user has different credentials, removing a user from the network is not difficult.

Look up WPA Enterprise Diagram

4
Q

Please explain Diagram

A

Remote users wish to connect to the Network Access Server (NAS).
Using the RADIUS protocol, an Access-Request is sent to the remote user database, which authenticates the user; an access accept or reject is then sent from the RADIUS server -> NAS -> remote user.

The NAS allows connected customers to have access to the internet.
It provides an interface both to local telecom service providers (e.g. the phone company) and to the www.

NAS = media gateway or remote access server (RAS). It may include its own authentication services, or rely on a separate authentication server.
In this case there is a separate AAA authentication server (the RADIUS server).

5
Q

Explain TACACS+

A

Terminal Access Controller Access Control System Plus
Developed by Cisco
AAA (Authentication, Authorisation and Accounting) over a secure TCP connection on port 49.
RADIUS combines Authentication and Authorisation; TACACS+ separates these functions.
The Network Access Server (NAS) acts in the client role.

TACACS+ uses a client-server model in which the network access device (the NAS) acts in the client role and a TACACS+-equipped device performs the server tasks.

6
Q

TACACS+ cont’d

A

The Network Access Device (NAD) communicates with the TACACS+ server
- The NAD obtains the username prompt, replies with a CONTINUE message, then contacts the TACACS+ server to obtain the password -> the TACACS+ server responds with an accept or reject message

ADV:
More control than RADIUS
AAA packets encrypted
TCP

DISADV:
Only used with Cisco equipment, since the protocol is proprietary to Cisco
Less accounting support than a RADIUS server

Packets are encrypted except for the TACACS+ header

Header
- Version no.
- Sequence no.
- Session ID

TACACS protocol - see IETF (Internet Engineering Task Force)
