- Centralized Access Control
- CALLBACK: After the user dials in and presents credentials, the access server hangs up and calls back a number stored for that account, so a stolen password alone is not enough to get in. It is defeated if the attacker can have the stored number forwarded (call forwarding) to a line they control, which is why callback is treated as a weak control on its own.
- CHAP (Challenge-Handshake Authentication Protocol): A PPP authentication method (RFC 1994). The server sends a random challenge and the client replies with MD5(identifier || secret || challenge), so the secret itself never crosses the link. CHAP hashes, it does not encrypt the connection, and the server must keep the secret in recoverable form; the challenge can be repeated during the session to guard against hijacking.
- XTACACS (Extended TACACS): Cisco's proprietary extension of the original TACACS, commonly described as separating the authentication, authorization, and accounting functions. Like TACACS it runs over UDP and is obsolete.
- TACACS+: A separate Cisco protocol rather than a revision of TACACS (it is not backward compatible with TACACS or XTACACS). It runs over TCP, handles authentication, authorization, and accounting as distinct exchanges, encrypts the entire packet body under a shared key, and supports two-factor methods such as one-time-password tokens.
- TACACS (Terminal Access Controller Access Control System)
- Basic TACACS: Administers user passwords centrally rather than on each router. The user supplies a username and a static password, which the network device forwards to the TACACS server for verification (RFC 1492). It does not support dynamic (one-time) passwords or prompting the user to change a password, and it runs over UDP.
- TACACS+: Adds two-factor authentication, the ability to change user passwords, resynchronization of security tokens, and fuller audit trails and session accounting. Everything after the 12-byte header is encrypted, so authorization data such as per-command permissions is not exposed in transit. Operates on TCP port 49. The key stream is an MD5 chain of the shared key and header fields, which RFC 8907 describes as obfuscation rather than strong encryption; run it on a trusted management network or inside a protected tunnel.
- RADIUS (Remote Authentication Dial-In User Service)
- Function: A client/server protocol (RFC 2865). The network access server (the RADIUS client) forwards the user's credentials to a central RADIUS server, which holds the user authentication data and the access policy (for example network ACLs) and answers with Access-Accept, Access-Reject, or Access-Challenge.
- Limitations: RADIUS provides no mutual (two-way) authentication of user and server and is not typically used for router-to-router authentication. It runs over UDP, authentication on port 1812 and accounting on port 1813 (older deployments use 1645/1646). Only the User-Password attribute is obscured, by XORing it with an MD5 stream derived from the shared secret and the Request Authenticator; usernames, authorization attributes, and accounting data travel in cleartext. Authentication and authorization are combined in a single exchange, so they cannot be separated as they are in TACACS+.
- Security: Supports dynamic (one-time) passwords and carries network service access information, but it is not an SSO solution. RadSec (RFC 6614) carries RADIUS over TLS on TCP port 2083, which protects the attributes the native protocol leaves exposed.
- Application: One RADIUS server provides AAA (Authentication, Authorization, and Accounting) services for many network access servers, such as dial-in pools, VPN concentrators, and wireless controllers using 802.1X/EAP.
- DIAMETER
- Function: The successor to RADIUS (RFC 6733), designed for remote connectivity over mobile and wireless networks, IP telephony, and similar services. It runs over TCP or SCTP (port 3868) rather than UDP, is peer-to-peer rather than strictly client/server, uses 32-bit attribute-value pair codes instead of RADIUS's 8-bit attribute numbers, and has reliable transport with failover. It is not wire-compatible with RADIUS, so migration needs a gateway.
- Security Note: Because it targets media that are easy to eavesdrop on (cordless and mobile phone links, wireless), Diameter mandates transport protection: implementations must support TLS over TCP or DTLS over SCTP (IPsec may also be used) instead of relying on RADIUS-style shared-secret obfuscation of a single attribute.
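The list above describes three different ways these protocols keep a secret off the wire: CHAP's challenge-response, the RADIUS User-Password transform, and the TACACS+ body obfuscation. The following is an added example, not code from the original notes or from any vendor implementation, that reproduces each transform from its RFC (RFC 1994, RFC 2865 section 5.2, RFC 8907 section 4.5) using only the Python standard library. All keys, challenges, identifiers, and the TACACS+ packet body are constructed test data.

```python
# Added example, not part of the original notes. Reproduces, from the RFCs and
# with only the standard library, the three per-packet secret transforms the
# list above describes: CHAP challenge-response (RFC 1994), RADIUS
# User-Password hiding (RFC 2865 s5.2) and TACACS+ body obfuscation
# (RFC 8907 s4.5). Every key, challenge and packet body here is constructed
# test data.
import hashlib
import hmac
import os


# ---- CHAP (RFC 1994): Response = MD5(Identifier || secret || Challenge) ----
def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """Client side. The secret is hashed, never sent; only the 16-byte digest goes on the wire."""
    return hashlib.md5(bytes([ident & 0xFF]) + secret + challenge).digest()


def chap_verify(ident: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Server side. It must hold the secret in recoverable form, which is CHAP's storage cost."""
    return hmac.compare_digest(chap_response(ident, secret, challenge), response)


# ---- RADIUS (RFC 2865 s5.2): c_i = p_i XOR MD5(secret || previous block) ----
def radius_hide_password(password: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """NAS side. Pad to a 16-byte multiple, then chain: b1 = MD5(S||RA), c1 = p1^b1, b2 = MD5(S||c1) ...
    Only this attribute is protected; User-Name and the rest of the packet stay in cleartext."""
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if len(password) > 128:
        raise ValueError("RFC 2865 limits User-Password to 128 bytes")
    size = max(1, (len(password) + 15) // 16) * 16
    padded = password.ljust(size, b"\x00")
    out, prev = bytearray(), request_authenticator
    for i in range(0, size, 16):
        key_block = hashlib.md5(secret + prev).digest()
        cipher_block = bytes(p ^ b for p, b in zip(padded[i:i + 16], key_block))
        out += cipher_block
        prev = cipher_block
    return bytes(out)


def radius_reveal_password(hidden: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """Server side: same chain, then strip the NUL padding (so a password may not end in NUL)."""
    out, prev = bytearray(), request_authenticator
    for i in range(0, len(hidden), 16):
        key_block = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ b for c, b in zip(hidden[i:i + 16], key_block))
        prev = hidden[i:i + 16]
    return bytes(out).rstrip(b"\x00")


# ---- TACACS+ (RFC 8907 s4.5): body XOR pseudo_pad, pseudo_pad = MD5_1 || MD5_2 || ... ----
def tacacs_plus_obfuscate(body: bytes, key: bytes, session_id: int, version: int, seq_no: int) -> bytes:
    """MD5_1 = MD5(session_id || key || version || seq_no); MD5_n = MD5(same || MD5_(n-1)).
    XOR is its own inverse, so one call both obfuscates and deobfuscates.
    The 12-byte header (which carries session_id, version and seq_no) is never covered."""
    base = session_id.to_bytes(4, "big") + key + bytes([version & 0xFF, seq_no & 0xFF])
    pad, prev = b"", b""
    while len(pad) < len(body):
        prev = hashlib.md5(base + prev).digest()
        pad += prev
    return bytes(x ^ y for x, y in zip(body, pad))


def demo() -> dict:
    """One exchange of each transform; returns the round-trip results for inspection."""
    # CHAP: server challenge, client answer, server check.
    challenge = os.urandom(16)
    resp = chap_response(7, b"chap-secret", challenge)
    # RADIUS: the NAS hides the password under the shared secret and a fresh Request Authenticator.
    ra = os.urandom(16)
    hidden = radius_hide_password(b"hunter2", b"radius-secret", ra)
    # TACACS+: obfuscate a constructed authentication START body (session id, version 0xC0, seq 1).
    body = b"\x01\x00\x02\x01\x05\x00\x00\x00admin"  # constructed bytes, not a real parse
    obf = tacacs_plus_obfuscate(body, b"tacacs-key", 0x1234ABCD, 0xC0, 1)
    return {
        "chap_ok": chap_verify(7, b"chap-secret", challenge, resp),
        "radius_roundtrip": radius_reveal_password(hidden, b"radius-secret", ra),
        "tacacs_roundtrip": tacacs_plus_obfuscate(obf, b"tacacs-key", 0x1234ABCD, 0xC0, 1),
    }


if __name__ == "__main__":
    print(demo())
```

The point worth noticing is what each transform keys on. CHAP's digest depends on a fresh server challenge, so a captured response cannot be replayed. The RADIUS and TACACS+ key streams depend only on MD5 of the shared secret plus header fields that are sent in the clear (the Request Authenticator, the TACACS+ session id and sequence number), so anyone holding a capture can test candidate shared secrets offline against known plaintext; that is the reason both notes above recommend a protected transport (RadSec, a management VLAN or an IPsec tunnel) rather than trusting the native obfuscation.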
This overview highlights the various centralized access control methodologies and remote access authentication systems, emphasizing their strengths, limitations, and appropriate use cases.