abefroman wrote: » What are the main differences between Tacacs and Radius? And also Tacacs+ TIA
Darril wrote: » Both are used for remote access or network access where users are able to dial in remotely to access a network. More specifically, both are used in the authentication process for remote access. From a security standpoint, a primary difference is that: TACACS+ is more secure since it encrypts the entire authentication process. RADIUS encrypts just the password. Remote Authentication Dial-In User Service (RADIUS) is a generic standard that uses centralized authentication when more than one remote access server is being used. Instead of maintaining a database of authorized users on each remote access server, the database is maintained on the RADIUS server, and all of the remote access servers forward the authentication requests to this RADIUS server. Terminal Access Controller Access-Control System Plus (TACACS+) is used as an alternative over RADIUS. TACACS+ is proprietary to Cisco, but can interact with Kerberos making it compatible in a Microsoft network. RADIUS uses UDP while TACACS+ uses TCP. TACACS is considered legacy at this point and I think you'd be hard pressed to identify a remote access server still using it. Interestingly though, TACACS is specifically mentioned in the objectives for Security+ but TACACS+ is not. The objecives seem to have lumped the two together though they are not the same. HTH, Darril Gibson Author: CompTIA Security+: Get Certified Get Aheadwww.sy0-201.com Security+ BlogSecurity Plus: Get Certified Get Ahead Security+ Tip of day Tweets twitter.com/DarrilGibson
