Page 138 - StudyBook.pdf
P. 138

122    Chapter 3 • Communication Security: Remote Access and Messaging

             for routing.This is known as packet sequencing.At the receiving end, the TCP/IP
             organizes the file into its original format before it was sent. Packet sequencing
             (along with time stamping) is the general method of preventing replay attacks;
             however,TACACS+ sessions always start with a sequence number of 1. If a packet
             cannot be reorganized in the proper sequence at the receiving end, the entire mes-
             sage (or file) is unusable. Other common weaknesses of TACACS+ include:

                  ■   Birthday Attacks  The pool of TACACS+ session IDs is not very large,
                      therefore, it is reasonable that two users could have the same session ID

                  ■   Buffer Overflow  Like RADIUS,TACACS+ can fall victim to buffer-
                      overflow attacks.

                  ■   Packet Sniffing The length of passwords can be easily determined by
                      “sniffing” a network.
                  ■   Lack of Integrity Checking  An attacker can alter accounting records
                      during transmission because the accounting data is not encrypted during
                      transport.
                Decisions To Be Made: RADIUS vs. TACACS+

                Both RADIUS and TACACS+ get the job done. Both provide exceptional
           Head of the Class…  their share of problems. Specifically, the two issues that differentiate
                user authentication, both are transparent to the end user, and both have

                them are separation of duties and the need for reliable transport proto-
                cols.
                In terms of separation of duties, RADIUS lumps all of the AAA functions
                into one user profile, whereas TACACS+ separates them.
                     We know that TACACS+ uses TCP for its transport protocol. Both
                RADIUS and TACACS, on the other hand, use UDP. If reliable transport
                and sensitivity to packet disruption is important, TACACS+ is the better fit



             PPTP/L2TP

             As mentioned earlier, there are several standard tunneling protocol technologies in
             use today.Two of the most popular are PPTP and L2TP, which are Layer 2 (Data
             Link Layer) encapsulation (tunneling) protocols using ports 1723 and 1701, respec-
             tively. However, PPTP and L2TP use different transport protocols: PPTP uses TCP
             and L2TP uses UDP.







          www.syngress.com
   133   134   135   136   137   138   139   140   141   142   143