15 Cards in this Set
What is TACACS+?
1. Current generation of the TACACS family of login host protocol

2. Separation of authentication, authorization and accounting processes

3. Is not backward compatible with TACACS

4. Uses TCP as the transport protocol

5. Operates over port 49 in the IANA database
Explain the TACACS+ client and server.
1. TACACS+ client is a NAS

2. TACACS+ server is a daemon process in Unix, Linux or Windows NT.

3. The connection between the TACACS+ client (NAS) and TACACS+ server IS encrypted

4. Encryption is done using a shared secret that is manually configured in each entity and is not shared through the connection

5. The connection between the TACACS+ client (NAS) and the user machine (PC) IS NOT encrypted.
Explain the encryption in TACACS+.
1. The connection between the TACACS+ client (NAS) and TACACS+ server IS encrypted

2. Encryption is done using a shared secret that is manually configured in each entity and is not shared through the connection

3. The connection between the TACACS+ client (NAS) and the user machine (PC) IS NOT encrypted.

4. The communication between the user machine and the TACACS+ client (NAS) is not secure because it is not encrypted.
TACACS+ Authentication (1) - Intro
1. Authentication is optional and is site-configurable

2. Where authentication is used, PPP PAP, PPP CHAP, Kerberos, tokens, etc. are used

3. The packets used are START, REPLY, CONTINUE

4. A default state of unknown user exists before authentication.
TACACS+ Authentication (2) - Steps
1. User machine initiates a connection with the NAS

2. NAS sends a START message to the server.

3. Server sends a REPLY message and asks for any further information needed.

4. NAS responds with a CONTINUE message.

5. Process continues until authentication is complete
TACACS+ Authentication (3) - START message
1. The NAS uses this message to describe the type of authentication used.

2. May contain additional information such as username/password.

3. Also sent as a response to a restart request from the TACACS+ server.
TACACS+ Authentication (4) - REPLY message
1. Sent from the communication server to the NAS

2. Tells NAS whether the authentication is complete or whether server needs more information and what additional information server needs.
TACACS+ Authentication (5) - CONTINUE message
When the server needs additional information to complete authentication, the NAS sends a CONTINUE packet containing this information.
TACACS+ Authorization (1) - Intro
1. Process determining permissions associated with user actions.

2. Is optional

3. If included, occurs after authentication.

4. Permissions can be determined for the default state of 'unknown user'.

5. Uses authenticated user identity for decision making.

6. Packets used: REQUEST and RESPONSE

7. One authorization session uses one pair of REQUEST and RESPONSE packets.
TACACS+ Authorization (2) - Steps
1. NAS client initiates REQUEST message containing information about the user and the required resource, service or option

2. Server sends a RESPONSE message with the decision and applicable qualifying information
TACACS+ Authorization (3) - REQUEST packet
1. Issued by NAS

2. Contains fixed and variable information

3. Fixed information -> fields enumerating the user's authentication status

4. Variable information -> fields enumerating the resource for which authorization is needed
TACACS+ Authorization (4) - RESPONSE packet
1. Communicates the decision to the NAS.

2. Contains qualifying information such as IP addresses, time limits or shell access.
TACACS+ Accounting (1) - Intro
1. Optional process

2. Records time information about user activity

3. Used for billing

4. Used for generating logs and audit trails.

5. Uses START, UPDATE and STOP records.

6. Records are different from the messages
TACACS+ Accounting (2) - START and STOP records
1. START record provides time information about users starting a particular process or accessing a particular resource

2. STOP record provides ending time information about user activity
TACACS+ Accounting (3) - UPDATE record
Acts as an intermediate notice that a particular task is still being performed