What is the difference between Tacacs and Radius?

abefroman Banned Posts: 278
What are the main differences between Tacacs and Radius? And also Tacacs+

TIA

Comments

  • Darril Member Posts: 1,588
    Both are used for remote access or network access where users are able to dial in remotely to access a network. More specifically, both are used in the authentication process for remote access.


    From a security standpoint, a primary difference is that:
    • TACACS+ is more secure since it encrypts the entire authentication process.
    • RADIUS encrypts just the password.
    Remote Authentication Dial-In User Service (RADIUS) is a generic standard that uses centralized authentication when more than one remote access server is being used. Instead of maintaining a database of authorized users on each remote access server, the database is maintained on the RADIUS server, and all of the remote access servers forward the authentication requests to this RADIUS server.

    Terminal Access Controller Access-Control System Plus (TACACS+) is used as an alternative over RADIUS. TACACS+ is proprietary to Cisco, but can interact with Kerberos making it compatible in a Microsoft network.

    RADIUS uses UDP while TACACS+ uses TCP.

    TACACS is considered legacy at this point and I think you'd be hard pressed to identify a remote access server still using it. Interestingly though, TACACS is specifically mentioned in the objectives for Security+ but TACACS+ is not. The objectives seem to have lumped the two together though they are not the same.

    HTH,

    Darril Gibson

    Author: CompTIA Security+: Get Certified Get Ahead
    www.sy0-201.com

    Security+ Blog
    Security Plus: Get Certified Get Ahead

    Security+ Tip of day Tweets
    twitter.com/DarrilGibson
    abefroman wrote: »
    What are the main differences between Tacacs and Radius? And also Tacacs+

    TIA
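
Added example, not part of any post in this thread: a Python sketch of the difference described above, using the RADIUS User-Password hiding from RFC 2865 section 5.2 and the TACACS+ body obfuscation from RFC 8907 section 4.5. The user name, password, shared secret, session id and the simplified TACACS+ body are constructed sample values.

```python
import hashlib
import struct

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def radius_hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each with MD5(secret + previous block)."""
    n = max(16, (len(password) + 15) // 16 * 16)
    padded = password.ljust(n, b"\x00")
    out, prev = b"", request_auth          # first block is keyed by the Request Authenticator
    for i in range(0, n, 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def radius_attr(attr_type: int, value: bytes) -> bytes:
    return bytes([attr_type, len(value) + 2]) + value   # type, length, value

def radius_access_request(user, password, secret, request_auth, ident=1) -> bytes:
    # Only attribute 2 (User-Password) is hidden; attribute 1 (User-Name) is sent as-is.
    attrs = radius_attr(1, user) + radius_attr(2, radius_hide_password(password, secret, request_auth))
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs))   # code 1 = Access-Request
    return header + request_auth + attrs

def tacacs_obfuscate(body: bytes, key: bytes, session_id: int,
                     version: int = 0xC0, seq_no: int = 1) -> bytes:
    """RFC 8907 4.5: XOR the whole packet body with a chained MD5 pad (same call reverses it)."""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < len(body):
        block = hashlib.md5(prefix + block).digest()
        pad += block
    return _xor(body, pad)

# Constructed sample values (assumptions for this demo only).
USER, PASSWORD, SECRET = b"alice", b"s3cret-pw", b"shared-secret"
REQUEST_AUTH = bytes(range(16))
TACACS_BODY = USER + b"\x00" + PASSWORD   # simplified stand-in for a real TACACS+ body

if __name__ == "__main__":
    pkt = radius_access_request(USER, PASSWORD, SECRET, REQUEST_AUTH)
    wire = tacacs_obfuscate(TACACS_BODY, SECRET, session_id=0x1234ABCD)
    print("RADIUS  user name visible on the wire:", USER in pkt)
    print("RADIUS  password visible on the wire: ", PASSWORD in pkt)
    print("TACACS+ user name visible on the wire:", USER in wire)
```
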
  • abefroman Banned Posts: 278
    Darril wrote: »
    Both are used for remote access or network access where users are able to dial in remotely to access a network. More specifically, both are used in the authentication process for remote access.


    From a security standpoint, a primary difference is that:
    • TACACS+ is more secure since it encrypts the entire authentication process.
    • RADIUS encrypts just the password.
    Remote Authentication Dial-In User Service (RADIUS) is a generic standard that uses centralized authentication when more than one remote access server is being used. Instead of maintaining a database of authorized users on each remote access server, the database is maintained on the RADIUS server, and all of the remote access servers forward the authentication requests to this RADIUS server.

    Terminal Access Controller Access-Control System Plus (TACACS+) is used as an alternative over RADIUS. TACACS+ is proprietary to Cisco, but can interact with Kerberos making it compatible in a Microsoft network.

    RADIUS uses UDP while TACACS+ uses TCP.

    TACACS is considered legacy at this point and I think you'd be hard pressed to identify a remote access server still using it. Interestingly though, TACACS is specifically mentioned in the objectives for Security+ but TACACS+ is not. The objectives seem to have lumped the two together though they are not the same.

    HTH,

    Darril Gibson

    Author: CompTIA Security+: Get Certified Get Ahead
    www.sy0-201.com

    Security+ Blog
    Security Plus: Get Certified Get Ahead

    Security+ Tip of day Tweets
    twitter.com/DarrilGibson

    Helps, thanks!