[tac_plus] TACACS Solution?

Aaron Wasserott aaron.wasserott at viawest.com
Fri Jul 24 20:49:02 UTC 2015


We use the shrubbery version of tac_plus within our PCI environment and have always passed our audits. The only thing auditors don't like is that since it's not a commercial software product, there are no security vulnerability announcements and patches. With the proper network hardening, it is easy to document an exception for it. I.e., put your tacacs server into a dedicated security zone, only permit network devices to contact the tacacs server over port 49, restrict user login to tacacs server, file permissions, etc.

And we use RANCID for network device configuration backup, also without any PCI audit issue.

-----Original Message-----
From: tac_plus [mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Matt Almgren
Sent: Friday, July 24, 2015 2:28 PM
To: Chase, John; tac_plus at shrubbery.net
Subject: Re: [tac_plus] TACACS Solution?

That's an interesting question. TAC+ is the medium/method that is used as the medium for the PCI requirement.

PCI states that configurations have to be backed up to a secure location.  There's no mention of "what" software is used, as long as the above holds true.

1.2.2 Secure and synchronize router configuration files.


From: Chase, John <john.chase at rakuten.com>
Date: Friday, July 24, 2015 at 12:48 PM
To: "tac_plus at shrubbery.net" <tac_plus at shrubbery.net>
Subject: [tac_plus] TACACS Solution?

Good day, I am in preparation of replacing our existing Cisco TAC product with something new due to the EOL of Windows 2003. I was wondering if your TAC_Plus solution is PCI compliant?

Thank you

John Chase
Rakuten USA, Americas Development Unit
System Administrator
85 Enterprise | Suite 100
Aliso Viejo, CA 92656
P: 949.448.5461
_______________________________________________
tac_plus mailing list
tac_plus at shrubbery.net
http://www.shrubbery.net/mailman/listinfo/tac_plus
