Extension of control and safety functions: NAICE now supports TACACS+


About the system
At the end of last year, we detailed the new NAICE network access management software version 0.7. At that time, our team announced the development of new functions scheduled for implementation in 2025.
Version 0.8 has now been released, and its main new feature is one of those promised: support for the TACACS+ protocol. NAICE administrators can now easily manage access to network equipment and keep a detailed audit trail of the operations performed on it.
TACACS+ features
TACACS+ provides centralized authentication, authorization and accounting (AAA) for network devices, which is especially important for large corporate networks consisting of many components. Compared to the RADIUS protocol, TACACS+ separates the AAA processes from one another, which allows more granular configuration of security policies and equipment access control.
One of the main differences between TACACS+ and RADIUS is granular command authorization, which gives network administrators more flexibility. For example, NAICE can allow or deny the use of individual commands when managing network devices, rather than being limited to a privilege-based command set as RADIUS is. This is especially important for administering switches and routers.
TACACS+ uses the TCP protocol, which provides more reliable packet delivery and connection recovery in the event of failures. Unlike RADIUS, the user data in TACACS+ packets is encrypted.
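The per-command authorization described above can be sketched as a small policy check. This is an added example, not NAICE code: the group names and rule patterns are constructed for illustration, while the argument names (service, cmd, cmd-arg) and status names follow RFC 8907.

```python
import re

# Hypothetical per-group rule sets (constructed; not NAICE's policy format).
# Rules are checked top to bottom, first match wins, no match means deny.
RULES = {
    "noc-readonly": [("permit", r"show( .*)?"), ("permit", r"ping \S+")],
    "net-admins": [("deny", r"reload( .*)?"), ("deny", r"write erase"),
                   ("permit", r".*")],
}

# An argument is name=value (mandatory) or name*value (optional).
AV_PAIR = re.compile(r"([^=*]+)[=*](.*)", re.S)


def command_line(args):
    """Rebuild the typed command from authorization arguments (RFC 8907).

    The device sends cmd=<verb> plus one cmd-arg=<word> per word, ending
    with cmd-arg=<cr>. Returns None if this is not a shell command request,
    and "" when cmd is empty (the request is for the shell session itself).
    """
    service, words = None, None
    for arg in args:
        m = AV_PAIR.fullmatch(arg)
        if not m:
            return None                      # malformed pair: refuse to guess
        name, value = m.groups()
        if name == "service":
            service = value
        elif name == "cmd":
            words = [value] if value else []
        elif name == "cmd-arg" and words is not None and value != "<cr>":
            words.append(value)
    if service != "shell" or words is None:
        return None
    return " ".join(words)


def authorize(group, args):
    """Return the TACACS+ authorization status name for one request."""
    line = command_line(args)
    if line is None:
        return "FAIL"
    if line == "":
        return "PASS_ADD" if group in RULES else "FAIL"   # shell start
    for action, pattern in RULES.get(group, []):
        if re.fullmatch(pattern, line, re.I):
            return "PASS_ADD" if action == "permit" else "FAIL"
    return "FAIL"                            # default deny
```

Matching is done on the whole rebuilt command line, so a read-only rule such as `show( .*)?` does not also permit a different command that merely starts with the same letters.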
TACACS+ capabilities within NAICE
- Centralized authentication. When accessing network equipment, a single source of identification is used to connect to different network devices. This simplifies credential management and access tracking. A local account database, LDAP or Microsoft AD can be used as an identity source.
- Flexible authorization control. TACACS+ allows you to conveniently assign access rights to each administrator individually or to an entire group at once. This makes it possible to create detailed security profiles with different privilege levels.
- Event logging. The protocol logs all changes to the configuration of network equipment and all operations performed by administrators. This provides transparency and simplifies security auditing. When incidents occur, logs help to reconstruct the sequence of events and quickly identify the problem. TACACS+ events are also forwarded to a syslog server.
- Easy management of security policies. Centralized management makes it easy to change access policies and permissions for many devices simultaneously, reducing the chance of errors when configuring individual devices manually.
TACACS+ licensing
Since version 0.7, NAICE uses the Eltex License Manager (ELM) service, which offers two ways of licensing:
- Online ELM – licenses are issued via the Eltex cloud server; no additional software needs to be installed;
- Offline ELM – the license server is installed in the customer’s infrastructure or as a service together with NAICE; this option is used for isolated networks.
The license for TACACS+ connection is purchased once, with no limit on the number of network devices. To activate it, a license for user connections is required.
The new version of NAICE is available for ordering. You can test it in your infrastructure before buying. For this purpose, a demo mode for 15 network devices without ELM is available in version 0.8. Email us to learn more about the system and to place an order: foreign.sales@eltex-co.ru