Centralized Authentication, Authorization and Accounting (AAA).
Centralized AAA using TACACS+

TCPWave appliances for network infrastructure services use TACACS+ for authentication, authorization, and accounting. TCPWave's unique methodology does not require a user to be defined as a local account on each appliance. Secure Shell (SSH) access to each appliance is handled by proxying the user's credentials to a foreign AAA server. The system grants access if the user is defined on the foreign AAA server and has permission to enter the TCPWave appliance using SSH. This approach dramatically reduces operational overhead by limiting local accounts. When an administrator leaves the organization, there is no need to update all the TCPWave appliances; removing that user from the AAA server does the job. TCPWave has further enhanced TACACS+ security by sending each keystroke typed by users to the AAA logs. Multiple AAA servers can be configured in the TCPWave TACACS module so that the AAA process does not have a single point of failure.

Terminal Access Controller Access-Control System (TACACS+) is a remote authentication protocol used to communicate with an authentication server commonly used in UNIX networks. TACACS+ is a security application that provides centralized validation of users attempting to gain access to a router or network access server. TACACS+ services are maintained in a database on a TACACS+ daemon, typically on a UNIX workstation. The goal of TACACS+ is to provide a methodology for managing multiple network access points from a single management service.

TACACS+ Features
  • Offers multiprotocol support
  • Allows a network administrator to define what commands a user may run. This fine-grained level of control allows more controlled access for a greater number of users on a network.
  • Full support for IPv4 and IPv6
  • No limit on the number of users, clients or servers
  • Allows control of commands
  • Separates authentication, authorization and accounting, which makes it more flexible
  • Encrypted usernames and passwords
  • Flexible external backend for user profiles
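
The "encrypted usernames and passwords" feature above, as an added example (not TCPWave's code): RFC 8907 protects the TACACS+ packet body by XORing it with an MD5-derived pad keyed on the shared secret, and a header flag marks bodies sent in the clear. The shared key, session id and sample body are constructed values, and the function names are this example's own.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # RFC 8907 header flag: body sent in the clear

# Constructed authentication START body: LOGIN, priv 1, ASCII, service LOGIN,
# user "alice" on port "tty0" (sample values, not from the page).
SAMPLE_BODY = bytes([1, 1, 1, 1, 5, 4, 0, 0]) + b"alice" + b"tty0"

def parse_header(packet: bytes) -> dict:
    """Split a packet into the fixed 12-byte header fields and the body."""
    if len(packet) < 12:
        raise ValueError("a TACACS+ header is 12 bytes")
    version, ptype, seq_no, flags, session_id, length = struct.unpack("!BBBBII", packet[:12])
    if len(packet) - 12 != length:
        raise ValueError("length field does not match the body size")
    return {"version": version, "type": ptype, "seq_no": seq_no, "flags": flags,
            "session_id": session_id, "body": packet[12:]}

def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """MD5 chain: each block hashes session_id, key, version, seq_no and the previous block."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]

def xor_body(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR with the pad; the same call obfuscates and recovers the body."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(a ^ b for a, b in zip(body, pad))

def build_packet(body: bytes, session_id: int, key: bytes, seq_no: int = 1,
                 version: int = 0xC0, flags: int = 0) -> bytes:
    """Build an authentication packet (type 1), obfuscating unless the flag is set."""
    wire = body if flags & TAC_PLUS_UNENCRYPTED_FLAG else xor_body(body, session_id, key, version, seq_no)
    return struct.pack("!BBBBII", version, 1, seq_no, flags, session_id, len(wire)) + wire

def body_is_protected(packet: bytes) -> bool:
    """Audit check: True when the header does not mark the body as cleartext."""
    return not parse_header(packet)["flags"] & TAC_PLUS_UNENCRYPTED_FLAG

def recover_body(packet: bytes, key: bytes) -> bytes:
    """Return the cleartext body of a packet given the shared key."""
    h = parse_header(packet)
    if h["flags"] & TAC_PLUS_UNENCRYPTED_FLAG:
        return h["body"]
    return xor_body(h["body"], h["session_id"], key, h["version"], h["seq_no"])
```
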
Benefits it provides to the organization
  • Centralized User Management
  • Flexible authorization policies
  • Support for multiple data sources
  • Auditing logs via TCPWave’s keystroke logger for enhanced security