Study the comparison of RADIUS and TACACS below and answer the question that follows:
Column A                               Column B                        Column C
Feature                                RADIUS                          TACACS+
A. Transport protocol                  User Datagram Protocol (UDP)    Transmission Control Protocol (TCP)
B. Authentication and authorisation    Combined                        Separate
C. Communication                       Unencrypted                     Encrypted
Using appropriate examples for each feature (A – C) in column A above, explain
the differences between RADIUS and TACACS+ authentication services using the
descriptions in column B and column C.

1 answer

A. The transport protocol used by RADIUS is User Datagram Protocol (UDP), which is a connectionless protocol that does not guarantee the delivery of packets. On the other hand, TACACS+ uses the Transmission Control Protocol (TCP), which is a connection-oriented protocol that ensures reliable and ordered delivery of packets.

For example, if a RADIUS server receives a packet from a network device, it may not acknowledge the receipt of that packet. This means that the network device may need to retransmit the packet if it does not receive a response from the RADIUS server. In contrast, with TACACS+, the network device and the TACACS+ server establish a connection, and acknowledgment packets are sent back and forth to confirm the successful delivery of packets. This ensures that the packets are reliably transmitted.

B. RADIUS combines authentication and authorization in a single step. When a user attempts to access a network device, RADIUS verifies the user's credentials and checks if the user has the necessary permissions to access the requested resources. If the credentials are valid and the user is authorized, access is granted. This combined process is efficient and suitable for many network implementations.

On the other hand, TACACS+ separates the authentication and authorization processes. Authentication involves verifying the user's credentials, while authorization determines the user's permissions. In TACACS+, these two steps are performed separately. For example, during authentication, the TACACS+ server may check the user's identity and credentials. Once authenticated, the authorization process follows to determine the user's level of access. This separation allows for greater flexibility and more granular control over user permissions.

C. RADIUS communication is generally unencrypted, meaning that the data exchanged between the RADIUS client (network device) and the RADIUS server is not protected and can be easily intercepted or tampered with. This lack of encryption makes RADIUS susceptible to security vulnerabilities.

On the other hand, TACACS+ communication is encrypted, which ensures the confidentiality and integrity of the data being exchanged. By using encryption, TACACS+ protects sensitive information from unauthorized access or modification. For example, when a user sends their credentials to a TACACS+ server for authentication, the credentials are encrypted, making it difficult for an attacker to intercept and decipher the information.

In summary, RADIUS and TACACS+ differ in terms of the transport protocol used, the combination or separation of authentication and authorization processes, and the encryption of communication.
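Added example (not part of the question or the answer above) making feature C concrete at the packet level. It follows what the two RFCs specify rather than a particular vendor's implementation: RFC 2865 hides only the User-Password attribute of a RADIUS Access-Request (MD5 of the shared secret and Request Authenticator, XORed block by block), so every other attribute, including User-Name, travels in the clear; RFC 8907 XORs the entire TACACS+ packet body with an MD5-derived pseudo-pad keyed by the shared secret, so only the 12-byte header is readable on the wire. The shared secret, username, password, Request Authenticator and session id are constructed sample values, and `fields_visible_on_wire` is a helper written for this demonstration. Note that RFC 8907 itself calls its mechanism "obfuscation" rather than encryption and RFC 2865's password hiding rests on MD5, which is why both protocols are in practice run over a protected transport (IPsec or TLS) rather than relying on these mechanisms alone.

```python
import hashlib
import struct

# Constructed sample values for the demonstration (not taken from the page).
SHARED_SECRET = b"example-shared-secret"
USERNAME = b"alice"
PASSWORD = b"correct horse battery"
REQUEST_AUTHENTICATOR = bytes(range(16))   # RADIUS uses 16 random bytes; fixed here for reproducibility
TACACS_SESSION_ID = 0x1234ABCD


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# --- RADIUS (RFC 2865, section 5.2): only the User-Password attribute is hidden ---

def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Pad to 16-byte blocks; XOR block i with MD5(secret + previous hidden block), seeded by the authenticator."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out, prev = out + block, block
    return out


def radius_reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of radius_hide_password, as performed by the RADIUS server."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def radius_access_request(username: bytes, password: bytes, secret: bytes,
                          authenticator: bytes, ident: int = 1) -> bytes:
    """Access-Request (Code 1) carrying User-Name (type 1) and User-Password (type 2)."""
    def attr(t: int, v: bytes) -> bytes:
        return struct.pack("!BB", t, len(v) + 2) + v
    attrs = attr(1, username) + attr(2, radius_hide_password(password, secret, authenticator))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs


# --- TACACS+ (RFC 8907, section 4.5): the whole packet body is obfuscated ---

TAC_PLUS_VERSION = 0xC0          # major version 0xC, minor version 0
TAC_PLUS_AUTHEN = 0x01           # packet type: authentication
TAC_PLUS_AUTHEN_LOGIN = 0x01     # action
TAC_PLUS_AUTHEN_TYPE_PAP = 0x02  # password is carried in the START packet's data field
TAC_PLUS_AUTHEN_SVC_LOGIN = 0x01


def tacacs_pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """MD5_1 = MD5(session_id, key, version, seq_no); MD5_n = MD5(same, MD5_{n-1}); concatenate, truncate."""
    seed = struct.pack("!I", session_id) + key + struct.pack("!BB", version, seq_no)
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def tacacs_obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR the body with the pseudo-pad; XOR is its own inverse, so this also de-obfuscates."""
    return _xor(body, tacacs_pseudo_pad(session_id, key, version, seq_no, len(body)))


def tacacs_authen_start(username: bytes, password: bytes, key: bytes, session_id: int, seq_no: int = 1) -> bytes:
    """Authentication START packet (PAP): 12-byte clear header followed by the obfuscated body."""
    port, rem_addr = b"tty0", b"192.0.2.10"   # constructed sample values
    body = struct.pack("!BBBBBBBB", TAC_PLUS_AUTHEN_LOGIN, 1, TAC_PLUS_AUTHEN_TYPE_PAP,
                       TAC_PLUS_AUTHEN_SVC_LOGIN, len(username), len(port), len(rem_addr), len(password))
    body += username + port + rem_addr + password
    header = struct.pack("!BBBBII", TAC_PLUS_VERSION, TAC_PLUS_AUTHEN, seq_no, 0, session_id, len(body))
    return header + tacacs_obfuscate(body, session_id, key, TAC_PLUS_VERSION, seq_no)


def tacacs_decode_body(packet: bytes, key: bytes) -> bytes:
    """Server side: parse the clear header, then de-obfuscate the body with the shared key."""
    version, _ptype, seq_no, _flags, session_id, length = struct.unpack("!BBBBII", packet[:12])
    return tacacs_obfuscate(packet[12:12 + length], session_id, key, version, seq_no)


def fields_visible_on_wire(packet: bytes, *fields: bytes) -> dict:
    """Helper for this demo: which fields a passive observer can read without the shared secret."""
    return {f.decode(): f in packet for f in fields}


if __name__ == "__main__":
    r = radius_access_request(USERNAME, PASSWORD, SHARED_SECRET, REQUEST_AUTHENTICATOR)
    t = tacacs_authen_start(USERNAME, PASSWORD, SHARED_SECRET, TACACS_SESSION_ID)
    print("RADIUS  :", fields_visible_on_wire(r, USERNAME, PASSWORD))   # username visible, password hidden
    print("TACACS+ :", fields_visible_on_wire(t, USERNAME, PASSWORD))   # neither visible
```

Run it as a script and the two printed dictionaries show the difference the answer describes for feature C: the RADIUS packet exposes the username (and every other attribute) while hiding only the password; the TACACS+ packet exposes neither, and only a party holding the shared key can recover the body with `tacacs_decode_body`.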