
Authentication and Accounting Protocols

RADIUS

RADIUS is an access server authentication and accounting protocol that has gained wide support.

The RADIUS authentication server maintains user authentication and network access information. RADIUS clients run on access servers and send authentication requests to the RADIUS authentication server.

TACACS+ Authentication

With TACACS authentication, when a user requests to log in to a terminal server or a router, the device asks for a user login name and password. The device then sends a validation request to the TACACS server named in its configuration. The server validates the login and password pair against a TACACS password file. If the name and the password are validated, the login is successful.

There are two flavors of TACACS: the original TACACS and extended TACACS, or TACACS+. The primary difference between the two is that TACACS+ provides more information when a user logs in, thus allowing more control than the original TACACS.

Lock-and-Key Security

Lock and Key challenges users to respond to a login and password prompt before loading a unique access list into the local or remote router.

In this example, Lock and Key security allows only authorized users to access services beyond the firewall at the corporate site.
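A minimal Lock-and-Key setup, added here as an illustration and not taken from the original page. It assumes Cisco IOS syntax; the user name, interface, addresses (documentation range 192.0.2.0/24), ACL number and the dynamic list name `lockkey` are constructed placeholders.

```cisco
! Constructed sample: names, addresses and numbers are placeholders.
! Local account used for the login and password challenge.
username remoteuser secret <password-placeholder>
!
interface Serial0
 ip address 192.0.2.1 255.255.255.0
 ! Filter everything arriving on the outside interface with ACL 101.
 ip access-group 101 in
!
! Static entry: before authentication, only Telnet to the router
! itself is permitted, so the user can reach the login prompt.
access-list 101 permit tcp any host 192.0.2.1 eq telnet
! Dynamic entry template: stays inactive until a user authenticates.
! "timeout 15" is the absolute lifetime of the temporary entry, in minutes.
access-list 101 dynamic lockkey timeout 15 permit ip any any
!
line vty 0 4
 ! Challenge the user against the local username database.
 login local
 ! After a successful login, activate the dynamic entry and close the session.
 ! "host" restricts the temporary entry to the authenticated source address;
 ! "timeout 5" removes it after 5 idle minutes (shorter than the absolute timeout).
 autocommand access-enable host timeout 5
```

Without the `host` keyword the temporary entry is not restricted to the address that authenticated, and without timeouts it remains in place until an administrator clears it.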

Calling Line Identification

Caller ID is another security mechanism for dial-in access. It allows routers to look at the ISDN number of a calling device and compare it with a list of known callers. If the number is not in the list, the call is rejected and no charges are incurred by the calling party.
