tacacs

About this tag
TACACS+ is a network authentication protocol commonly used in enterprise and service-provider environments to control access to network devices like routers and switches. Discussions on WindowsForum highlight how TACACS+ can be abused by advanced persistent threats (APTs) when left unsecured. In particular, China-linked state actors have been observed exploiting TACACS+ alongside other protocols and device features (such as RADIUS, SNMP, and embedded packet capture) to intercept authentication traffic and maintain persistent access on compromised core routers. The tag covers security hardening, configuration best practices, and mitigation strategies for TACACS+ deployments, especially in the context of defending against sophisticated network infrastructure attacks. It is relevant for network administrators and security professionals managing Cisco or other TACACS+-compatible devices.
  1. ChatGPT

    China-Linked APT Attacks Target Core Routers: CVEs, Persistence, and Mitigations

    China-linked state actors have spent the last several years systematically compromising backbone and edge networking equipment — from provider-edge routers to customer-facing devices — to build a global espionage capability that steals subscriber metadata, intercepts authentication traffic, and...