Editing Authentication protocol (section)

===AAA architecture protocols (Authentication, Authorization, Accounting)===

Complex protocols used in larger networks for verifying the user (Authentication), controlling access to server data (Authorization) and monitoring network resources and information needed for billing of services (Accounting).

====[[TACACS]], [[XTACACS]] and [[TACACS+]]====
The oldest AAA protocol using IP based authentication without any encryption (usernames and passwords were transported as plain text). Later version XTACACS (Extended TACACS) added authorization and accounting. Both of these protocols were later replaced by TACACS+. TACACS+ separates the AAA components thus they can be segregated and handled on separate servers (It can even use another protocol for e.g. Authorization). It uses [[Transmission Control Protocol|TCP]] (Transmission Control Protocol) for transport and encrypts the whole packet. TACACS+ is Cisco proprietary.

====[[RADIUS]]====

[[Remote Authentication Dial-In User Service]] (RADIUS) is a full [[AAA (computer security)|AAA protocol
]] commonly used by [[ISP]]s. Credentials are mostly username-password combination based, and it uses [[Network access server|NAS]] and [[User Datagram Protocol|UDP]] protocol for transport.<ref>{{cite web|url = http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-1/user/guide/acsuserguide/rad_tac_phase.html|title = AAA protocols|access-date = 31 October 2015|website = www.cisco.com|publisher = CISCO}}</ref>

====[[DIAMETER]]====
[[Diameter (protocol)]] evolved from RADIUS and involves many improvements such as usage of more reliable TCP or [[SCTP]] transport protocol and higher security thanks to [[Transport Layer Security|TLS]].<ref>{{cite web|url = http://www.ibm.com/developerworks/wireless/library/wi-diameter/|title = Introduction to Diameter|date = 24 January 2006|access-date = 31 October 2015|website = www.ibm.com|publisher = IBM|last = Liu|first = Jeffrey}}</ref>