Implementing Security on Cisco Routers, Version 1.0g (UNCLASSIFIED), page 157

    Central(config)# radius-server key W@t7a8y-2m@K3aKy

RADIUS servers are freely available and are in extensive use. To perform authentication and authorization, a RADIUS server uses attributes. These attributes can be configured to allow or deny access to various router and network services. For more details, see the "Configuring RADIUS" and "RADIUS Attributes" sections of the Security Configuration Guide.

TACACS+

Terminal Access Controller Access Control System plus (TACACS+) is the most recent Cisco security protocol designed to provide accounting and flexible control of authentication and authorization services. TACACS+ is implemented by Cisco using the AAA mechanisms and provides for the centralized validation of users using routers and network services. TACACS+ protects communications using a shared secret key between the network device and the central server. TACACS+ was designed with Cisco implementations in mind, so it offers a wide range of AAA services, including full auditing of Cisco AAA accounting events.

The primary commands used for configuring TACACS+ on a Cisco router are:

§ tacacs-server host {hostname | ip-address} [port port-number] [key string]
  This command specifies the host, by IP address or DNS name, where the TACACS+ server is running. The [port port-number] option can be used to specify a new port number. The [key string] option sets the secret key for this TACACS+ server host, overriding the default; it should follow the same creation rules as the default.

§ tacacs-server key string
  This command sets the default TACACS+ shared encryption key. The shared secret key should be at least 16 characters long and follow the other rules for a good password as described in Section 4.1.4.

For a complete list of TACACS+ router configuration commands, see the "TACACS, Extended TACACS, and TACACS+ Commands" section in the "Security Command Reference".
Simple example for Central:

    Central(config)# tacacs-server host 14.2.6.18
    Central(config)# tacacs-server key W@t7a8y-2m@K3aKy

TACACS+ implementations are available through Cisco Secure ACS, and Cisco also offers a free implementation. TACACS+ uses attribute-value pairs for controlling authentication and authorization services. These attribute-value pairs are configured on the server and used by the router authorization mechanism to control access to network services. For more details on TACACS+ and attribute-value pairs, see the Security Configuration Guide sections "Configuring TACACS+" and "TACACS+ Attribute-Value Pairs".
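
The 16-character rule for shared keys can be checked mechanically against a saved configuration. The Python script below is an added example, not part of the original guide or of any Cisco tool: it reports default and per-host keys shorter than 16 characters and TACACS+ hosts left with no key at all. The sample configuration, its keys, and the names audit and check_key are constructed for illustration, and the handling of keys stored in IOS type 7 form is an assumption beyond what this page covers.

```python
import re

MIN_KEY_LEN = 16  # minimum shared-secret length given in the text above

# Constructed sample configuration; addresses and keys are illustrative only.
SAMPLE_CONFIG = """\
tacacs-server host 14.2.6.18
tacacs-server host 14.2.6.19 port 4949 key short-key
tacacs-server key W@t7a8y-2m@K3aKy
radius-server key tooShort1
"""

PROMPT_RE = re.compile(r"^\S+\(config\)#\s*")  # strip "Central(config)# "
HOST_RE = re.compile(r"^tacacs-server host (\S+)(.*)$")
KEY_RE = re.compile(r"^(tacacs|radius)-server key (.+)$")


def check_key(where, key):
    """Return a list of findings (possibly empty) for one configured key."""
    if re.fullmatch(r"7 \S+", key):
        # Assumption: key stored in IOS type 7 form, so its real length is hidden.
        return [f"{where}: type 7 encoded, length not checkable"]
    if len(key) < MIN_KEY_LEN:
        return [f"{where}: {len(key)} characters, minimum is {MIN_KEY_LEN}"]
    return []


def audit(config_text):
    """Return findings for TACACS+/RADIUS shared keys in IOS config text."""
    defaults, hosts, findings = {}, [], []
    for raw in config_text.splitlines():
        line = PROMPT_RE.sub("", raw.strip())
        if m := HOST_RE.match(line):
            key = re.search(r"\bkey (.+)$", m.group(2))
            hosts.append((m.group(1), key.group(1) if key else None))
        elif m := KEY_RE.match(line):
            defaults[m.group(1)] = m.group(2).strip()
    for proto, key in defaults.items():
        findings += check_key(f"{proto}-server default key", key)
    for host, key in hosts:
        if key is not None:  # per-host key overrides the default
            findings += check_key(f"tacacs-server host {host} key", key)
        elif "tacacs" not in defaults:
            findings.append(f"tacacs-server host {host}: no key configured")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Length is the only password rule enforced here; the other rules the text refers to in Section 4.1.4 are not reproduced on this page and are not checked.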