CMPE208 Presentation Terminal Access Controller Access Control System Plus (TACACS+) By MARVEL (Libing, Bhavana, Ramya, Maggie, Nitin)


2 Agenda
 Introduction – TACACS+
 Format and Header Values
 TACACS+ Operations (AAA)
 Vulnerabilities
 Conclusion

3 Introduction – TACACS+
 TACACS+ (Terminal Access Controller Access-Control System Plus), pronounced “tack-acks plus”.
 TACACS+ originated from the TACACS and extended TACACS (XTACACS) protocols, but it is not compatible with them.
 A Cisco proprietary protocol.
 Provides access control for routers, network access servers, and many other networked computing devices through one or more centralized servers.
 Provides separate Authentication, Authorization, and Accounting (AAA) services for server access.

4 Format and Header Values
 Every TACACS+ packet has a 12-byte header.
 The header is always sent in clear text.
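As an added example (not from the slides or from any TACACS+ implementation), a Python parser for the 12-byte clear-text header described above. The field layout, type codes and flag bit follow the TACACS+ draft; the MAX_BODY_LEN bound is an assumption, included to show the kind of sanity check on the attacker-controlled length field that slide 18 says implementations have lacked.

```python
import struct

# Field layout and constants from the TACACS+ draft.
HEADER_LEN = 12
TAC_PLUS_AUTHEN, TAC_PLUS_AUTHOR, TAC_PLUS_ACCT = 0x01, 0x02, 0x03
TAC_PLUS_UNENCRYPTED_FLAG = 0x01
# Assumed upper bound on a body we are willing to allocate for (not from the spec).
MAX_BODY_LEN = 64 * 1024


def parse_header(packet: bytes) -> dict:
    """Parse the 12-byte clear-text header: version(1) type(1) seq_no(1)
    flags(1) session_id(4) length(4), all in network byte order."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than the 12-byte header")
    version, ptype, seq_no, flags, session_id, length = struct.unpack(
        "!BBBBII", packet[:HEADER_LEN])
    if ptype not in (TAC_PLUS_AUTHEN, TAC_PLUS_AUTHOR, TAC_PLUS_ACCT):
        raise ValueError(f"unknown packet type {ptype:#x}")
    # The header carries no integrity protection, so the declared length is
    # attacker-controlled: bound it before it sizes any buffer.
    if length > MAX_BODY_LEN:
        raise ValueError(f"declared body length {length} exceeds limit")
    if len(packet) - HEADER_LEN < length:
        raise ValueError("declared body length exceeds bytes received")
    return {
        "major_version": version >> 4,
        "minor_version": version & 0x0F,
        "type": ptype,
        "seq_no": seq_no,
        "unencrypted": bool(flags & TAC_PLUS_UNENCRYPTED_FLAG),
        "session_id": session_id,
        "body_length": length,
    }


def is_rejected(packet: bytes) -> bool:
    """True when parse_header refuses the packet."""
    try:
        parse_header(packet)
        return False
    except ValueError:
        return True


# Constructed samples: a well-formed authentication packet (seq_no 3, 12-byte
# body) and an accounting header that declares an absurd body length.
SAMPLE = struct.pack("!BBBBII", 0xC0, TAC_PLUS_AUTHEN, 3, 0x00, 0xDEADBEEF, 12) + b"\x00" * 12
OVERSIZED = struct.pack("!BBBBII", 0xC0, TAC_PLUS_ACCT, 1, 0x00, 1, 0xFFFFFFFF)
```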

5 TACACS+ Authentication
 Determines who is allowed to gain access to the network.
 Uses usernames and passwords, or “one-time” passwords.
 Takes place when the user first logs in to a machine or requests a service from it.
 Packet types: START, CONTINUE and REPLY.
 START and CONTINUE are always sent by the client; REPLY is always sent by the daemon.

6 TACACS+ Authentication Process
 1. Connection request from the user;
 2. A START packet is sent to the AAA server;
 3. A REPLY packet is sent back, requesting the user name;
 4. The client sends a CONTINUE packet to the AAA server with the username;
 5. A REPLY packet is sent back, asking for the password;
 6. The client sends a CONTINUE packet to the AAA server with the password;
 7. A REPLY packet is sent back indicating pass/fail of the authentication.

7 TACACS+ Authorization
 Determines what a user is allowed to do.
 Determines what services the user has access to.
 Customizes the service for the particular user.
 An authorization session is defined as a single pair of messages: a REQUEST followed by a RESPONSE.

8 TACACS+ Authorization Process
 1. Resource request from the user (assuming authentication has already taken place);
 2. A REQUEST packet is sent to the AAA server for a certain service;
 3. A RESPONSE packet is sent back, indicating pass or fail;
 4. User access is granted or denied.

9 TACACS+ Accounting
 Follows the processes of authentication and authorization.
 Maintains complete accounting information.
 Used either for billing of the services or for security reasons.
 TACACS+ accounting also uses two message types: a REQUEST and a RESPONSE.

10 TACACS+ Accounting Process
 1. A resource request from the user;
 2. A REQUEST packet, including START, STOP, or CONTINUE, is sent to the AAA server;
 3. A RESPONSE packet is sent back, including SUCCESS, ERROR, or FOLLOW.

11 Vulnerabilities of TACACS+

12 1) Lack of Integrity Checking
 No integrity checking exists in TACACS+.
 An ‘MD5 encryption stream cipher’ mechanism is used.
 Changes can be made to accounting packets. Example: modifying the elapsed time from 8000 to 1000.

13 2) Vulnerability to Replay Attacks
 No protection against replay attacks.
 A TACACS+ session starts with sequence number 1.
 Accounting sessions have only one packet.
 Duplicate accounting records can be produced, with forged task_id fields.

14 3) Session ID Collision
 The more unique the session IDs, the stronger the encryption.
 Multiple sessions get the same ID, which enables frequency analysis.
 Knowing the plaintext of one session makes it possible to decrypt another session with the same sequence number and session ID.
 The TACACS+ server encrypts its reply packet with the same session ID (mostly when the sequence number of the packet is 2).

15 4) The Birthday Paradox
 Session IDs are too small.
 This leads to fewer unique IDs. Example: 100,000 TACACS+ sessions, 20,000 dial-up sessions, 1000 matches per month, a few hundred user passwords.

16 5) Lack of Padding
 No padding in any field or at the end of the packet.
 The sizes of variable-size data fields can be determined from the packet sizes.
 This reveals the length of user passwords.

17 6) MD5 Context Leak
 A theoretical vulnerability.
 MD5-like hashes (16 bytes long) should be avoided.
 TACACS+ packets are encrypted by XOR'ing with a stream of MD5 hashes:
 MD5_1 = MD5(session_id, key, version, seq_no)
 MD5_2 = MD5(session_id, key, version, seq_no, MD5_1)
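The pad derivation on this slide, worked through as an added Python example (not the presentation's code and not any vendor's implementation). It also makes concrete what slides 12 and 14 describe: de-obfuscation is a plain XOR that verifies nothing, and two packets that share session_id, key, version and seq_no get the same pad, so XORing their obfuscated bodies cancels the pad. The shared secret, session ID and accounting bodies are constructed values.

```python
import hashlib
import struct


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """Build the pad exactly as on the slide:
    MD5_1 = MD5(session_id, key, version, seq_no)
    MD5_n = MD5(session_id, key, version, seq_no, MD5_{n-1})
    The 16-byte digests are concatenated and truncated to the body length."""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(prefix + prev).digest()  # chain the previous digest
        pad += prev
    return pad[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR the body with the pad. The same call de-obfuscates; nothing binds the
    result to its contents, so a receiver has no MAC to check (slide 12)."""
    return xor_bytes(body, pseudo_pad(session_id, key, version, seq_no, len(body)))


# Constructed values: a made-up shared secret and two accounting bodies that
# happen to share session_id, version and seq_no (the collision case of slide 14).
KEY = b"constructed-example-secret"
SESSION_ID, VERSION, SEQ_NO = 0x00C0FFEE, 0xC0, 1
BODY_A = b"task_id=41 elapsed_time=8000"
BODY_B = b"task_id=42 elapsed_time=1000"


def round_trip(body: bytes) -> bytes:
    """Obfuscate then de-obfuscate with the same parameters."""
    enc = obfuscate(body, SESSION_ID, KEY, VERSION, SEQ_NO)
    return obfuscate(enc, SESSION_ID, KEY, VERSION, SEQ_NO)


def pad_reuse_cancels(body_a: bytes, body_b: bytes) -> bool:
    """With identical (session_id, key, version, seq_no) both packets use the
    same pad, so enc_a XOR enc_b equals body_a XOR body_b: knowing one
    plaintext reveals the other, which is the leak slide 14 warns about."""
    enc_a = obfuscate(body_a, SESSION_ID, KEY, VERSION, SEQ_NO)
    enc_b = obfuscate(body_b, SESSION_ID, KEY, VERSION, SEQ_NO)
    return xor_bytes(enc_a, enc_b) == xor_bytes(body_a, body_b)
```

Changing seq_no from 1 to 2 gives a different pad, which is why the slide stresses that the server's reply (sequence number 2) must not reuse the request's pad material in any other way.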

18 7) DoS and/or Overflow
 Denial of Service: an attempt to make resources unavailable to intended users.
 Unlike the others, this is an implementation defect.
 No sanity check.
 No check for integer overflow when calculating the total memory size to allocate.

19 FIXES
 Apply packet filtering.
 Choose strong encryption keys.
 Avoid running tac_plus as root.

20 Conclusion
 TACACS+ is a Cisco proprietary protocol implementing the AAA model on Cisco devices.
 It provides AAA communication between the AAA client and the AAA server.
 It improves on TACACS and XTACACS by separating authentication, authorization and accounting.
 It is preferred because it uses TCP, a reliable transport protocol.


22 Q & A?
 Thanks!

