March 13, 1995 New Version of Cisco's Server-based Security Protocol



Company contact:

Randall Sutherland

Cisco Systems, Inc.

(408) 526-8847

Agency contacts:

William Orrange

Janis Ulevich

Ulevich & Orrange, Inc.

(415) 329-1590

FOR IMMEDIATE RELEASE

NEW VERSION OF CISCO'S SERVER-BASED SECURITY PROTOCOL HEIGHTENS DIAL-UP NETWORK ACCESS SECURITY

SAN JOSE, Calif., March 13, 1995---Cisco has enhanced its implementation of the Terminal Access Controller Access Control System (TACACS) protocol, which helps network administrators build complete security systems for dial-up access users. TACACS+, descended from a server-based security protocol first proposed to the ARPA-Internet community in 1984, separates user authentication, authorization and accounting into independent processes.

Kevin Kennedy, product management director of Cisco's remote access products, said, "Network access security has become a critical issue with the proliferation of individual users connecting to the corporate network through portable or home computers. Host security that was good enough for terminal access is inadequate for remotely connected users who can roam the corporate network at will. TACACS+ lets network administrators for the first time install a fine-grained, highly flexible security system based on a common protocol."

IETF Standardization Underway

TACACS+ will be included with Cisco's IOS in the second quarter of 1995. It will be supported across Cisco's router and access server product families. Cisco is helping IETF working groups to develop a Request for Comments (RFC) defining TACACS+ as a standard protocol specification. The original TACACS protocol is documented in IETF RFC 927 (the TACACS user identification Telnet option) and RFC 1492 (the TACACS access control protocol and its extended XTACACS form).

Network access security systems consist of three parts: a protocol specification, protocol support within access servers and routers, and a centralized security database that speaks that protocol. TACACS+ is the protocol that defines the transfer of authentication, authorization and accounting information between an access server and the centralized database. Token authentication vendors including Digital Pathways, Enigma Logic, Secure Computing Corporation and Security Dynamics currently support TACACS and are in the process of integrating TACACS+ with their products. Users will be able to deploy token card systems from these vendors and use Cisco Access Servers with TACACS+ to forward token authentication requests to them. TACACS+ also encrypts password information instead of forwarding it over the network in the clear.
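The following Python is added here as an illustration and is not part of Cisco's 1995 sample server code. It shows what "the transfer of authentication, authorization and accounting information between an access server and a centralized database" looks like on the wire: the 12-byte TACACS+ header, an authentication START body carrying a PAP username and password, and the body protection that this release calls encryption. It follows the protocol as later published in RFC 8907 (2020, Informational; TACACS+ never reached the standards track); the 1995 implementation is assumed to use the same layout, and the username, password, port names, session ID and shared key are constructed sample values. The practitioner's caveat is visible in the code: the "encryption" is an MD5-derived keystream XORed over the body, which RFC 8907 calls obfuscation rather than a security mechanism, and it carries no integrity check, so a packet decoded under the wrong key simply yields garbage instead of an error.

```python
import hashlib
import struct

# Wire-format constants from the published TACACS+ specification (RFC 8907).
# The 1995 implementation this release announces predates that document; the
# layout is assumed to be identical (it is unchanged since the 1997 draft).
VERSION = 0xC0            # major version 0xC, minor version 0
TYPE_AUTHEN = 0x01        # authentication
TYPE_AUTHOR = 0x02        # authorization
TYPE_ACCT = 0x03          # accounting
FLAG_UNENCRYPTED = 0x01   # body sent in the clear; debugging only, never in production
HEADER_FMT = "!BBBBII"    # version, type, seq_no, flags, session_id, length
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 12 bytes

# Authentication START field values used in the demo (RFC 8907 section 5.1).
AUTHEN_LOGIN = 0x01       # action: login
AUTHEN_TYPE_PAP = 0x02    # authen_type: PAP
AUTHEN_SVC_PPP = 0x03     # authen_service: PPP


def keystream(session_id, key, version, seq_no, length):
    """MD5-derived pad from RFC 8907 section 4.5: MD5_1 = MD5(session_id, key,
    version, seq_no); MD5_n = MD5(session_id, key, version, seq_no, MD5_{n-1}).
    The digests are concatenated and truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body, session_id, key, version, seq_no):
    """XOR the body with the keystream; the same call reverses it."""
    ks = keystream(session_id, key, version, seq_no, len(body))
    return bytes(b ^ k for b, k in zip(body, ks))


def build_packet(ptype, seq_no, session_id, body, key):
    """Prepend the 12-byte header and obfuscate the body under the shared key."""
    header = struct.pack(HEADER_FMT, VERSION, ptype, seq_no, 0, session_id, len(body))
    return header + obfuscate(body, session_id, key, VERSION, seq_no)


def parse_packet(packet, key):
    """Split header and body and de-obfuscate the body. Nothing detects a wrong
    key: the XOR pad has no integrity check, so the body just decodes to garbage."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than the TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = struct.unpack(
        HEADER_FMT, packet[:HEADER_LEN])
    body = packet[HEADER_LEN:HEADER_LEN + length]
    if len(body) != length:
        raise ValueError("body length does not match the header length field")
    if not flags & FLAG_UNENCRYPTED:
        body = obfuscate(body, session_id, key, version, seq_no)
    return {"version": version, "type": ptype, "seq_no": seq_no, "flags": flags,
            "session_id": session_id, "body": body}


def authen_start_body(action, priv_lvl, authen_type, service, user, port, rem_addr, data):
    """Authentication START body: eight fixed bytes, then the variable-length
    user, port, rem_addr and data fields (data carries the password for PAP)."""
    for field in (user, port, rem_addr, data):
        if len(field) > 255:
            raise ValueError("START fields carry one-byte lengths")
    fixed = struct.pack("!BBBBBBBB", action, priv_lvl, authen_type, service,
                        len(user), len(port), len(rem_addr), len(data))
    return fixed + user + port + rem_addr + data


def parse_authen_start(body):
    """Inverse of authen_start_body, checking the length fields against the body."""
    action, priv_lvl, authen_type, service, ul, pl, rl, dl = struct.unpack("!BBBBBBBB", body[:8])
    fields, off = {}, 8
    for name, n in (("user", ul), ("port", pl), ("rem_addr", rl), ("data", dl)):
        fields[name] = body[off:off + n]
        off += n
    if off != len(body):
        raise ValueError("START body length does not match its length fields")
    fields.update(action=action, priv_lvl=priv_lvl, authen_type=authen_type, service=service)
    return fields


def demo(key=b"example-shared-key"):
    """Encode a constructed PAP login START (sample user, port and password),
    confirm the password is absent from the wire bytes, and recover it with
    the right key but not with a wrong one."""
    body = authen_start_body(AUTHEN_LOGIN, 1, AUTHEN_TYPE_PAP, AUTHEN_SVC_PPP,
                             b"alice", b"tty3", b"async1", b"s3cret-pw")
    wire = build_packet(TYPE_AUTHEN, 1, 0x1234ABCD, body, key)
    good = parse_authen_start(parse_packet(wire, key)["body"])
    bad_body = parse_packet(wire, b"wrong-key")["body"]
    return {"wire_len": len(wire),
            "password_on_wire": b"s3cret-pw" in wire,
            "user": good["user"], "password": good["data"],
            "wrong_key_matches": bad_body == body}


if __name__ == "__main__":
    print(demo())
```

The wire packet is 44 bytes here: a 12-byte header followed by the 32-byte START body (8 fixed bytes plus the four strings). Because the pad depends only on the session ID, shared key, version and sequence number, every field in the body, not just the password, is covered, but confidentiality rests entirely on the shared key and on the transport below it.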

Multiprotocol Authentication

TACACS+ can translate password types for ARA, SLIP, PPP (PAP and CHAP) and standard telnet, so network administrators can issue a single username and password with which the user can access the network over any of these protocols.

Because TACACS+ supports multiple challenge and response demands from the security server, token card vendors such as Security Dynamics and Enigma Logic can implement such advanced features as returning a new token-generated number to the card after the original number has been processed by a security server.

The authentication component gives the server complete control of the authentication process, including login and password query, challenge and response, and messaging. User authentication supports IP and telnet today (with IPX and ARA to follow) and maintains a per-user profile that designates restrictions on network access or command permission.

TACACS+ gives the security server the authorization mechanism needed to apply per-user access lists when a user connects to the network. IP access lists are supported today; per-user ARA and IPX access will be supported in the future. The feature lets network administrators grant limited dial-up access to the network to nonemployees such as consultants and partners.

Accounting Information

TACACS+ uses TCP to transmit accounting information to a database. Each accounting record contains the user's network address, username, service attempted, protocol used, time and date, and the packet filter that originated the log entry. Records for telnet connections also contain source and destination port, action taken (connection accepted or rejected), and log and alert type.

Network managers can use the accounting component to track user activity for a security audit trail or to collect billing information such as connect time, user ID, connection location, and start and stop time.

Specification and Sample Code on the Internet

Starting in the second quarter of 1995, Internet users can access sample TACACS+ server C code and the protocol specification from Cisco through the World Wide Web (www.cisco.com) and Cisco's Customer Information Online service (telnet cio.cisco.com).

Cisco Systems, Inc. is the leading global supplier of enterprise networks, including routers, LAN and ATM switches, dial-up access servers and network management software. These products, integrated by Cisco's Internetwork Operating System (IOS), link geographically dispersed LANs, WANs and IBM networks. Cisco is headquartered in San Jose, Calif., and in the U.S. is traded under the NASDAQ symbol CSCO.

###

Posted: Fri Mar 5 02:59:12 PST 1999

All contents copyright © 1992--1999 Cisco Systems, Inc. Important Notices and Privacy Statement.