
AAA and RADIUS vs TACACS+

  What is AAA? Authentication, Authorization & Accounting

AAA, the Authentication, Authorization, and Accounting framework, manages a user's access to and activity on a network through three mechanisms: authentication, authorization, and accounting. AAA provides effective network management that keeps the network secure by ensuring that only those granted access are allowed in, and that their activities while on the network are monitored and logged.

AAA challenges whoever wants network access by asking for credentials that can be authenticated and authorized, so that users prove they are legitimate before gaining access to the network. AAA is widely used in network devices such as routers, switches, and firewalls, to name a few, to control and monitor access within the network.

AAA addresses the limitations of local security configuration and the scalability issues that come with it. For example, if you need to change or add a password, it has to be done locally and on all devices, which will require a lot of time and resources. An external AAA server solves these issues by centralizing such tasks within the network. Having backup AAA servers in the network ensures redundancy and security.


=====================================================================


Authentication

This is the step in the AAA framework in which the user's credentials are challenged, for example by asking for a username and password; the password is protected with a hashing algorithm, which makes it harder for attackers to intercept.


Authorization

Once the user's credentials are authenticated, the authorization process determines what that specific user is allowed to do and access within the network. Users are placed in categories, such as Administrator or Guest, that define which operations they can perform. The user profiles are configured and controlled from the AAA server. This centralized approach eliminates the hassle of editing on a "per box" basis.


Accounting

The last process in the AAA mechanism accounts for everything the user does within the network. AAA servers monitor the resources being used during network access. Accounting also logs session statistics and usage information for auditing, which is typically used for authorization control, billing, resource utilization, trend analysis, and capacity planning for the business's data needs.


AAA Protocols

The two most commonly used protocols for implementing authentication, authorization, and accounting in the network are RADIUS and TACACS+. Both are open standards that are used by different vendors to ensure security within the network.

Remote Authentication Dial-In User Service (RADIUS) – is a networking protocol operating on ports UDP 1645 and UDP 1812 that provides centralized AAA management for users who connect to and use a Network Access Server (NAS), such as a VPN concentrator, router, or switch. This client/server protocol and software enables remote access servers to communicate with a central server to perform AAA operations for remote users. The protocol operates at the application layer and can use either the TCP or the UDP transport protocol.
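To make concrete how the shared secret protects the password on the wire (the point made under Authentication above) and lets the NAS check that a reply really came from its RADIUS server, here is an added example, not code from this post, that builds a minimal RFC 2865 Access-Request and validates the Response Authenticator. The secret, username, password, and the 16-byte Request Authenticator are constructed sample values; a real client generates a fresh random Request Authenticator (for example with os.urandom(16)) for every request.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2

def hide_password(password, secret, req_auth):
    """RFC 2865 s5.2: each 16-byte chunk is XORed with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        block = bytes(x ^ y for x, y in zip(padded[i:i + 16], hashlib.md5(secret + prev).digest()))
        out, prev = out + block, block
    return out

def reveal_password(hidden, secret, req_auth):
    """The inverse, as the RADIUS server applies it; zero padding is stripped."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(x ^ y for x, y in zip(block, hashlib.md5(secret + prev).digest()))
        prev = block
    return out.rstrip(b"\x00")

def attribute(atype, value):  # TLV: Type (1), Length (1, includes header), Value
    return struct.pack("!BB", atype, len(value) + 2) + value

def build_access_request(ident, user, password, secret, req_auth):
    """Code, Identifier, Length, 16-byte Request Authenticator, then attributes."""
    attrs = attribute(ATTR_USER_NAME, user) + attribute(ATTR_USER_PASSWORD, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def response_authenticator(code, ident, attrs, req_auth, secret):
    """RFC 2865 s3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + req_auth + attrs + secret).digest()

def build_access_accept(ident, req_auth, secret, attrs=b""):
    """What the server sends back; the client must validate it before trusting it."""
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    return header + response_authenticator(ACCESS_ACCEPT, ident, attrs, req_auth, secret) + attrs

def verify_response(reply, req_auth, secret):
    """Client-side check: a reply whose authenticator does not match was forged or sent with the wrong secret."""
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False  # truncated, or Length field inconsistent with what arrived
    expected = response_authenticator(reply[0], reply[1], reply[20:], req_auth, secret)
    return hmac.compare_digest(reply[4:20], expected)
```

Because this protection is only MD5 keyed with the shared secret, RADIUS traffic is normally confined to a management network or carried inside IPsec or RADIUS/TLS rather than trusted on its own.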


Terminal Access Controller Access-Control System Plus (TACACS+) – is a remote authentication protocol that allows a remote access server to communicate with an authentication server to validate user access to the network. TACACS+ permits a client to accept a username and password and pass a query to a TACACS+ authentication server.
