I've been asked my opinions on implementing TACACS+ vs ssh to control access
to Cisco routers.  I'm wondering if anyone has a comparison paper.
Offhand, here is how I compare them:

Pro TACACS+
- Central audits of who was on which router when.
- Do not need to purchase or get ssh clients.

Pro ssh:
- Not subject to telnet connection hijacking after the real user has
authenticated.
- If TACACS is set up, fixed fallback passwords are needed in case the WAN
link drops.  So there is a fixed password already on the individual routers.
- No need to set up and manage a TACACS+ system.

Also, in light of the recent increased vulnerabilities found in ssh, like
being able to get the length of the password, has Cisco improved their ssh
package?
