About Authentication, Authorization, and Accounting (AAA) in Cyber Security

Abdulfattah Assad
3 min read · Jun 18, 2023


In this post, I will walk through what AAA is and which protocols the AAA framework uses, in short, straightforward points.

Let's get started.

The Authentication process verifies the user's identity. How? A dedicated AAA server holds its own user database, or points to an external one such as Active Directory, and validates the credentials the user presents, whether a password or a certificate.

The next phase is Authorization. Once authentication succeeds, the AAA server decides, based on policy, which permissions the user gets to access resources.

The Accounting process logs the activity: when did the user log in? How long did they stay on the network? It is simply the tracking of user activity, and it also covers administrators who access devices such as routers and switches.

What are the (AAA) Protocols?

TACACS+: developed by Cisco, and the less popular of the two.

RADIUS: an open standard, and the more popular one.

In OSI terms, both are application-layer (Layer 7) protocols: they define a payload that carries the AAA information, and they rely on a Layer 4 transport to move that payload across the network.

Which Layer 4 protocols carry RADIUS and TACACS+?

TACACS+ uses TCP, port 49.

RADIUS uses UDP, ports 1645/1646 (legacy) or 1812/1813 (the current IANA-assigned ports).

RADIUS is usually described as the faster of the two because UDP has no three-way handshake. The trade-off is that RADIUS has to handle timeouts and retransmission itself, while TACACS+ gets reliable, ordered delivery from TCP.

Why does RADIUS use two ports?

The first port (legacy 1645 / current 1812) carries authentication and authorization.

The second port (legacy 1646 / current 1813) carries accounting.

Which one is more secure?

TACACS+: considered more secure because it obfuscates the whole packet body, including the username and the password. Only the 12-byte header travels in the clear.

RADIUS: hides only the User-Password attribute. The username and every other attribute travel in cleartext.

If you capture either exchange in Wireshark you will see exactly that: the TACACS+ body is unreadable, while in RADIUS only the password field is. Keep in mind that both schemes are MD5-plus-shared-secret constructions rather than modern encryption, so on an untrusted network they should be carried over a protected transport such as IPsec, or RADIUS over TLS (RadSec, RFC 6614).
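To make the difference concrete, here is an added example (not code from the original post) that builds one login packet for each protocol in Python and then checks which credential bytes a passive sniffer could read. The RADIUS User-Password hiding follows RFC 2865 section 5.2 and the TACACS+ body obfuscation follows RFC 8907 section 4.5; the shared secret, Request Authenticator, session id, port and remote address are made-up test values, and `wire_visibility` is a helper invented for this example.

```python
"""Added example (not from the original post): how RADIUS and TACACS+
hide credentials on the wire. Both packets are constructed here; the
shared secret, authenticator and session id are made-up test values."""
import hashlib
import os
import struct

SECRET = b"sharedsecret"  # assumption: the secret configured on both NAS and AAA server


def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """User-Password hiding from RFC 2865 section 5.2: null-pad to a multiple
    of 16, then XOR each block with MD5(secret + previous block), seeded with
    the 16-byte Request Authenticator."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = bytes(p ^ b for p, b in zip(padded[i:i + 16], hashlib.md5(secret + prev).digest()))
        out += block
        prev = block
    return out


def radius_reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo radius_hide_password and strip the null padding."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        chunk = hidden[i:i + 16]
        out += bytes(c ^ b for c, b in zip(chunk, hashlib.md5(secret + prev).digest()))
        prev = chunk
    return out.rstrip(b"\x00")


def radius_access_request(username: bytes, password: bytes, secret: bytes,
                          identifier: int = 1, authenticator: bytes = None) -> bytes:
    """Minimal Access-Request (Code 1): 20-byte header plus User-Name (type 1)
    and User-Password (type 2) attributes. Only the password is hidden."""
    authenticator = authenticator or os.urandom(16)
    hidden = radius_hide_password(password, secret, authenticator)
    attrs = bytes([1, 2 + len(username)]) + username + bytes([2, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH", 1, identifier, 20 + len(attrs)) + authenticator + attrs


def tacacs_obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """Body obfuscation from RFC 8907 section 4.5: pad_1 = MD5(session_id, key,
    version, seq_no), pad_n = MD5(same prefix, pad_n-1), concatenated, truncated
    to the body length and XORed in. Applying it twice restores the body."""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < len(body):
        prev = hashlib.md5(prefix + prev).digest()
        pad += prev
    return bytes(x ^ y for x, y in zip(body, pad))


def tacacs_authen_start(username: bytes, password: bytes, key: bytes, session_id: int) -> bytes:
    """Authentication START packet for a PAP login (RFC 8907 section 5.1): a
    12-byte cleartext header followed by an obfuscated body that carries the
    username and, for PAP, the password in the data field."""
    version, ptype, seq_no, flags = 0xC0, 1, 1, 0          # v12.0, AUTHEN, first packet, no flags
    action, priv_lvl, authen_type, service = 1, 15, 2, 1  # LOGIN, priv 15, PAP, LOGIN service
    port, rem_addr = b"tty0", b"192.0.2.10"               # constructed values
    body = (bytes([action, priv_lvl, authen_type, service,
                   len(username), len(port), len(rem_addr), len(password)])
            + username + port + rem_addr + password)
    header = struct.pack("!BBBBII", version, ptype, seq_no, flags, session_id, len(body))
    return header + tacacs_obfuscate(body, session_id, key, version, seq_no)


def wire_visibility(username: bytes, password: bytes) -> dict:
    """What a passive sniffer sees in each protocol's login packet."""
    rad = radius_access_request(username, password, SECRET, authenticator=bytes(range(16)))
    tac = tacacs_authen_start(username, password, SECRET, session_id=0x1234ABCD)
    return {
        "radius_username_visible": username in rad,
        "radius_password_visible": password in rad,
        "tacacs_username_visible": username in tac,
        "tacacs_password_visible": password in tac,
    }


if __name__ == "__main__":
    print(wire_visibility(b"alice", b"Sup3rS3cret!"))
```

Running it shows the username in cleartext only in the RADIUS packet, and neither credential in the TACACS+ packet. Note that both protections depend entirely on the shared secret and on MD5, which is why the transport-level protections mentioned above matter.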

RADIUS seems to have the advantages (more popular, lighter, an open standard). So why does Cisco still use TACACS+?

Because of command authorization.

In TACACS+, the three processes (authentication, authorization, and accounting) are separate steps, each with its own request and response. For example, when an admin types "show run", the device sends that command to the AAA server in its own authorization request to check whether this user is allowed to run it.

TACACS+

In RADIUS, authentication and authorization happen in one step: the Access-Accept that confirms the user also carries the authorization attributes. To authorize each command separately, the device would have to send a new authentication request and wait for the answer every time an admin types "show run", which is not scalable, so RADIUS does not offer per-command authorization. In other words, RADIUS can be used for device administration on routers and switches, but without the command authorization feature: you control access through the privilege level the user lands in (15, 1, or whatever), and which commands each level allows is configured on the device itself.

Radius
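Here is what the per-command exchange described above looks like in practice, as an added example in Python that is not part of the original post. The client side encodes each command as the AV pairs a Cisco device sends (`service=shell`, `cmd=`, one `cmd-arg=` per word, and a terminating `cmd-arg=<cr>`) into a TACACS+ authorization REQUEST body per RFC 8907 section 6.1, shown here before the session obfuscation that would be applied on the wire. The server side decodes it and evaluates the command against a command set. The command sets, group mapping, usernames, port and remote address are constructed for this example; real servers such as Cisco ISE or tac_plus express the same policy in their own syntax.

```python
"""Added example (not from the original post): TACACS+ command authorization.
Each command becomes one authorization REQUEST; the server answers per command."""
import re
import struct

# RFC 8907 authorization REQUEST field values used here
AUTHEN_METH_TACACSPLUS = 0x06   # user was authenticated via TACACS+
AUTHEN_TYPE_ASCII = 0x01
AUTHEN_SVC_LOGIN = 0x01
STATUS_PASS_ADD, STATUS_FAIL = 0x01, 0x10  # authorization REPLY status codes


def command_to_args(command: str) -> list:
    """Split an IOS command line into the AV pairs the device sends."""
    words = command.split()
    args = ["service=shell", f"cmd={words[0]}"]
    args += [f"cmd-arg={w}" for w in words[1:]]
    args.append("cmd-arg=<cr>")
    return args


def authz_request_body(user: str, priv_lvl: int, port: str, rem_addr: str, args: list) -> bytes:
    """Encode the cleartext authorization REQUEST body (RFC 8907 section 6.1):
    8 fixed bytes, one length byte per argument, then user, port, rem_addr and
    the arguments themselves."""
    user_b, port_b, addr_b = user.encode(), port.encode(), rem_addr.encode()
    arg_bs = [a.encode() for a in args]
    if any(len(x) > 255 for x in [user_b, port_b, addr_b, *arg_bs]) or len(arg_bs) > 255:
        raise ValueError("field exceeds one-byte length")
    fixed = struct.pack("!8B", AUTHEN_METH_TACACSPLUS, priv_lvl, AUTHEN_TYPE_ASCII,
                        AUTHEN_SVC_LOGIN, len(user_b), len(port_b), len(addr_b), len(arg_bs))
    arg_lens = bytes(len(a) for a in arg_bs)
    return fixed + arg_lens + user_b + port_b + addr_b + b"".join(arg_bs)


def parse_authz_request_body(body: bytes) -> dict:
    """Server side: decode the body back into user, priv_lvl and AV pairs."""
    _meth, priv, _atype, _svc, ulen, plen, rlen, argc = struct.unpack("!8B", body[:8])
    arg_lens = list(body[8:8 + argc])
    off = 8 + argc
    user, off = body[off:off + ulen], off + ulen
    off += plen + rlen                      # port and rem_addr are not needed for the decision
    args = []
    for n in arg_lens:
        args.append(body[off:off + n].decode())
        off += n
    if off != len(body):
        raise ValueError("trailing bytes in body")
    return {"user": user.decode(), "priv_lvl": priv, "args": args}


# Constructed policy: ordered (action, regex) rules per group, first match wins, default deny.
COMMAND_SETS = {
    "netops": [("permit", r"show .*"), ("permit", r"ping .*"), ("deny", r".*")],
    "admins": [("permit", r".*")],
}
GROUP_OF = {"alice": "netops", "bob": "admins"}   # constructed user-to-group mapping


def authorize(body: bytes) -> int:
    """Server side: rebuild the command line from the AV pairs and evaluate it
    against the user's command set. Returns a TACACS+ authorization status."""
    req = parse_authz_request_body(body)
    cmd = [a[len("cmd="):] for a in req["args"] if a.startswith("cmd=")]
    cmd_args = [a[len("cmd-arg="):] for a in req["args"]
                if a.startswith("cmd-arg=") and a != "cmd-arg=<cr>"]
    line = " ".join(cmd + cmd_args)
    for action, pattern in COMMAND_SETS.get(GROUP_OF.get(req["user"], ""), []):
        if re.fullmatch(pattern, line):
            return STATUS_PASS_ADD if action == "permit" else STATUS_FAIL
    return STATUS_FAIL


def check_command(user: str, command: str) -> bool:
    """Client side: encode the command, 'send' it (a direct call here), read the status."""
    body = authz_request_body(user, 15, "tty0", "192.0.2.10", command_to_args(command))
    return authorize(body) == STATUS_PASS_ADD


if __name__ == "__main__":
    for user, command in [("alice", "show running-config"), ("alice", "configure terminal"),
                          ("bob", "configure terminal"), ("carol", "show running-config")]:
        print(user, repr(command), "PASS" if check_command(user, command) else "FAIL")
```

The point to notice is that `alice` and `bob` can both hold privilege level 15 on the device, yet the server still decides command by command. With RADIUS the only lever is the privilege level itself, which is why it is a poor fit for device administration that needs fine-grained control.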

Conclusion

AAA is a framework of three processes: Authentication, Authorization, and Accounting. The protocols used with this framework are RADIUS and TACACS+.

TACACS+:

  • Layer 7 protocol
  • Uses TCP port 49 as its transport
  • Developed by Cisco
  • Less popular than RADIUS
  • Obfuscates the whole packet body (only the header is cleartext)
  • Supports the key feature, command authorization
  • Used for device administration on routers and switches

RADIUS:

  • Layer 7 protocol
  • Uses UDP with two ports: one for authentication and authorization, the other for accounting
  • Open standard
  • More popular than TACACS+
  • Hides only the password
  • Does not support command authorization
  • Used for network access

For more information, see Cisco's website for its RADIUS/TACACS+ comparison and AAA documentation.

If you are interested in other topics in areas such as Network, Data Center, and Cloud, click on this link.

Thank you for reading !!
