TACACS.net™ makes it easy to centrally manage and monitor access to routers, switches, and firewalls in large networks.
What is TACACS+?
TACACS+ is an Authentication, Authorization, and Accounting (AAA) protocol originally developed for the U.S. Department of Defense for authentication to network devices such as routers, switches, and firewalls. Unlike RADIUS, it separates the Authentication and Authorization functionalities, which makes it more flexible for administrative access. The current version of the protocol standard was developed by Cisco Systems.
How is TACACS+ Implemented?
The TACACS+ protocol is already included in most Enterprise and Carrier-grade network devices. It is transparent to users. No intermediate server is needed. Once implemented, the user can log in directly to the device using one of the available identity stores. The administrator sets policies that control which devices users can access and which functions or commands are available to them. The server generates logs of the commands entered by each user.
Why do I need TACACS+?
TACACS+ simplifies network administration and increases network security. It does this by centralizing management of users on your network and enabling you to set granular access policies by users and groups, command, location, time of day, subnet, or device type. The TACACS+ protocol also gives you a complete log of every user’s login, what commands were used, when they were entered, and where they came from. TACACS+ is a security best practice and recommended or required for compliance with most network security standards for E-Commerce, Health Care, Finance, and Government networks.
Why should I choose TACACS.net?
TACACS.net software will turn your Windows PC or Server into a fully functioning TACACS+ server that can be used to enable specified local or Active Directory users access to log into and manage network equipment securely with Single Sign-On (SSO). Centralizing your user authentication on your Domain Controller or PC improves network security, saves you money, simplifies administration, and makes life easier for your users.
Is TACACS+ proprietary?
The TACACS+ protocol is not proprietary. It is an open standard defined by RFC 1492 and an IETF draft.
How is TACACS+ pronounced?
TACACS+ is usually pronounced as “TACK-axe”. The “plus” is implied, since TACACS+ is the latest version of the protocol.
What vendors support TACACS+?
Most large Enterprise or Carrier-class network device manufacturers support TACACS+. Some vendors that support the TACACS+ protocol are: Adtran, Alcatel/Lucent, Arbor, Aruba, Avocent/Cyclades, Blade Networks, BlueCat Networks, Blue Coat, Brocade/Foundry, Ciena, Cisco/Linksys, Citrix, Dell, Edgewater, EMC, Enterasys, Ericsson/Redback, Extreme, Fortinet, Fujitsu, HP/3Com, Huawei, IBM, Juniper/Netscreen, Netgear, Nortel, Palo Alto Networks, Radware, Riverstone, Samsung, and many others. If you are unsure if your device supports the TACACS+ protocol, refer to the device documentation.
Does TACACS.net work with federated identity providers?
Most Federated Identity Providers like DUO, Okta, and Ping Identity support RADIUS, and we can interoperate with them using a RADIUS handoff.
Is TACACS.net software based on any other software or development kits?
TACACS.net is completely original code. It is not based on or derived from any other software.
What is TACACS.net software written in?
TACACS.net is written in .NET and C#.
Why is TACACS+ better than RADIUS for operator authentication?
For details on why TACACS+ is the preferred protocol for administrator access to network elements, please see the white paper TACACS+ Advantages.
Does TACACS.net run in virtualized environments?
TACACS.net can be deployed on VMs using vSphere, Hyper-V, KVM, and other virtualization systems.
Why is the installer so large?
The installer is large because it includes the .NET distributable files. Some of our customers install TACACS.net on secured networks that don’t have direct access to the Internet, and this eliminates a potential roadblock for the installation process.
Does TACACS.net support privilege authorization?
TACACS.net can set authorization policy by user group, device, subnet, remote address, day, or time of day.
Does TACACS.net support accounting?
TACACS.net includes full accounting support including logs of commands entered. These logs can also be exported in multiple formats to log aggregators, analyzers, IDS or SIEM tools.
Does TACACS.net include a RADIUS service?
TACACS.net includes a RADIUS proxy, but is not a full-fledged RADIUS server. For information about why it is a bad idea to run TACACS+ and RADIUS on the same server, see the white paper TACACS+ Advantages.
How is High Availability configured?
TACACS+ has High Availability built into the protocol. Most clients support 4 or more servers and will automatically fail over if one server is unavailable or unreachable.
Do I have to run TACACS.net on a Domain Controller?
TACACS.net is designed to run directly on a Domain Controller. This increases speed and stability. If you don’t want to run TACACS.net on a Domain Controller, you could also run it on a Read Only Domain Controller (RODC). We have customers that run TACACS.net on a Member Server and it works fine, but this is not a recommended configuration because it introduces a point of failure.
Is TACACS.net PCI compliant?
TACACS.net was designed for use in PCI compliant networks. TACACS.net enforces session idle timeouts and automated user lockouts. It additionally adds a lockout period so that the Administrator doesn’t have to manually unlock failed users.
Is TACACS.net HIPAA compliant?
HIPAA deals primarily with the confidentiality of patient records and does not require TACACS+, but it is a best practice.
Is TACACS.net FIPS compliant?
TACACS.net is FIPS compliant, but uses some of the crypto libraries that are disabled when running Windows in FIPS mode. In order to run TACACS.net you will need to disable FIPS mode on the server and submit an exception. Versions of TACACS.net before 2.1 are not FIPS compliant because they don’t support TCP logging.
What Operating Systems are supported?
TACACS.net supports Windows Vista or later and Windows Server 2008 or later.
Does TACACS.net run on Unix platforms?
TACACS.net runs on Windows servers and workstations only. Since most Enterprise customers use Windows Active Directory for their authentication database, this simplifies deployment, improves performance, and minimizes points of failure. TACACS.net works best when run directly on Domain Controllers.