Version: 1.0.2AAA protocols
- AAA stands for (Authentication, Authorization, Accounting)
- Family of protocols that mediate network access.
- Sometimes these protocols are used in combination with
- Most commonly used protocol is RADIUS and then Diameter, meanwhile older systems use TACACS and TACACS+
RADIUS
- Stands for Remote Authentication Dial In User Service
- 📝 Commonly used by ISPs (Internet Service Providers) and corporations for access control
- Primarily used to manage access to the internet or other networks
- Networks can employ a variety of networking technologies, including analog modems, DSL, wireless local area networks (WLANs), and VPNs.
- Based on UDP (User Datagram Protocol)
- Flexible and extensible offering a variety of ways to authenticate the user
- Requires setting-up a RADIUS back-end server.
- Usually integrated with AD (active directory)
Extensible Authentication Protocol (EAP)
EAP Transport Layer Security (EAP-TLS)
- Secure standard using TLS protocol
- Requires mutual authentication
- Where the client-side certificate can be stored in e.g. smart cards.
Diameter
- Successor to RADIUS
- Not directly backwards compatible
- Security is provided by IPsec or TLS and privacy protocols.
TACACS
- Terminal Access Controller Access-Control System
- Remote authentication protocol
- Commonly used in networks of UNIX systems
TACACS+ (TACACS plus)
- Terminal Access Controller Access-Control System Plus
- Provides access control for routers, network access servers, and other
networked computing devices via one or more centralized servers.
- Based on TACACS but an entirely new protocol (incompatible with TACACS)
- Runs on older systems but generally replaced by RADIUS