  1. Senior Member Devilsbane's Avatar
    Join Date
    Apr 2010
    Posts
    4,203

    Certifications
    MCSE:Security, MCDST, A+, Network+, Security+, ITIL V3 Foundations, ITIL 2011 Intermediate: Service Transition, MOS 2007 (MCAS) BAS Computer Forensics
    #1

    TACACS vs TACACS+

    Still pretty early in the book, but I would like to make sure I have things straight. From my understanding, the following is true. Please correct if wrong.

    TACACS is Cisco's version of a RADIUS server. It is better because it encrypts the entire authentication rather than just the password. TACACS+ is an updated version of TACACS that also supports Kerberos, so that it can authenticate with Active Directory.

    I think that is what I am reading, but it isn't laid out as clearly as I had hoped.

    Thanks

  3. Senior Member
    Join Date
    Oct 2005
    Posts
    1,030

    Certifications
    CCNP (R&S/Voice), CCDP, CCIP, VCP, NCDA, MCSE, CCNA Security
    #2
    TACACS is an old open protocol. TACACS+ was developed by Cisco.

    TACACS - Wikipedia, the free encyclopedia

  4. Senior Member Devilsbane's Avatar
    Join Date
    Apr 2010
    Posts
    4,203

    Certifications
    MCSE:Security, MCDST, A+, Network+, Security+, ITIL V3 Foundations, ITIL 2011 Intermediate: Service Transition, MOS 2007 (MCAS) BAS Computer Forensics
    #3
    Quote Originally Posted by kalebksp View Post
    TACACS is an old open protocol. TACACS+ was developed by Cisco.

    TACACS - Wikipedia, the free encyclopedia
    Thanks for this.

    Don't know if it will really help me on the test, but it does help me wrap my head around the technology. Plus it will keep me from saying stupid stuff that lets everyone know that I'm a noob.

    Other than that, is my understanding correct?

  5. Member
    Join Date
    Jun 2010
    Posts
    49

    Certifications
    A+, Network+, Security+, 70-680, 70-642
    #4
    I'm not too familiar with the differences between TACACS and TACACS+, but the info you mentioned sounds to me like the differences between TACACS+ and RADIUS.

    RADIUS encrypts only the password. TACACS+ encrypts the entire session. TACACS+ more reliable TCP. RADIUS UDP. RADIUS combines authentication and authorisation. TACACS+ splits. TACACS+ can interact with an Active Directory environment and use Kerberos.

  6. Member
    Join Date
    Jun 2010
    Posts
    69
    #5
    Also, if my memory is correct, TACACS and TACACS+ are not compatible with each other even though the names sound similar. Also, I remember reading something about TACACS's vulnerability being integrity, and that it is susceptible to replay attacks and spoofing. This is just from memory though; let me know if any of this is wrong, guys.

  7. Go ping yourself... phoeneous's Avatar
    Join Date
    Dec 2008
    Location
    Console.WriteLine("Yo");
    Posts
    2,316

    Certifications
    Pimp status
    #6
    On a side note, TACACS+ is most awesome because you don't have to create 50 million vpn user accounts.

  8. Senior Member Devilsbane's Avatar
    Join Date
    Apr 2010
    Posts
    4,203

    Certifications
    MCSE:Security, MCDST, A+, Network+, Security+, ITIL V3 Foundations, ITIL 2011 Intermediate: Service Transition, MOS 2007 (MCAS) BAS Computer Forensics
    #7
    Quote Originally Posted by xSequentialx View Post
    RADIUS encrypts only the password. TACACS+ encrypts the entire session. TACACS+ more reliable TCP. RADIUS UDP. RADIUS combines authentication and authorisation. TACACS+ splits. TACACS+ can interact with an Active Directory environment and use Kerberos.
    I thought I read that TACACS uses both TCP and UDP port 49. I could be mistaken though.

  9. Senior Member miller811's Avatar
    Join Date
    Oct 2007
    Location
    Nashville
    Posts
    896

    Certifications
    CCNP, CCDP, MCSA, Security +. Network +, A+
    #8
    From Amazon.com: Network Security Bible (9780470502495): Eric Cole: Books

    A TACACS-enabled network device prompts the remote user for a username and STATIC password. TACACS does not support prompting for a password change or for the use of dynamic password tokens.

    TACACS+ provides for dynamic passwords, two-factor authentication and improved audit functions.

  10. Member
    Join Date
    Jun 2010
    Posts
    49

    Certifications
    A+, Network+, Security+, 70-680, 70-642
    #9
    Quote Originally Posted by Devilsbane View Post
    I thought I read that TACACS uses both TCP and UDP port 49. I could be mistaken though.
    TACACS uses both TCP and UDP but TACACS+ uses TCP
