LIFARS, a SecurityScorecard company

Authentication, Authorization & Accounting (AAA)

The Cisco ME 2600X Series Ethernet Access Switch Software Configuration Guide states that “AAA is an architectural framework for controlling a set of three independent security functions in a consistent manner.” This indicates that Authentication, Authorization & Accounting (AAA) combine into an effective network and security management protocol. The three As in the AAA framework provide the following services:

Authentication: It is defined as a mechanism for verifying that users are who they claim to be before granting access to resources (computers, networks, network services, devices, etc.). There are a number of authentication types, defined based on 3 categories:

Some of the authentication types are named below:

Nowadays, we use Multi-factor Authentication (MFA) to make the authentication mechanism more secure and more difficult to break. To design an MFA method, one can combine any 2 of the 3 categories defined above. For example, using a password together with an OTP to log in to your email is more secure than using just a password, which can be guessed or stolen by an attacker. MFA is also known as 2 Factor Authentication (2FA).

Authorization: It is defined as the process of providing access to resources based on the access rights of users. Once a user has completed the authentication process successfully, they are given access to the resources and services they are entitled to and are restricted from everything else. For example, an employee who has newly joined an organization can authenticate to the company employee system but has access only to the required resources and is denied access to anything else.

Authorization relies on two important concepts: Separation of Duties (SoD) and Least Privilege.

Accounting: The final ‘A’ of AAA has the purpose of sending and receiving critical server information such as identity data usage and start and stop times. It is also used for auditing and reporting purposes. Accounting is used for logging information, tracking users, performing forensic investigations, detecting suspicious behavior, etc.

AAA’s functionality is utilized in Identity and Network Access Management. AAA uses the protocols RADIUS (Remote Authentication Dial-in User Service) and TACACS+ (Terminal Access Controller Access-Control System) to authenticate the user to a network, that is, from the client to the AAA server, in a secure way.
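The three functions described above, chained in one flow, as an added example that is not from the original article or from Cisco's guide: a password plus OTP check (authentication), a deny-by-default role lookup (authorization), and start/stop and failure records (accounting). The user, roles, resource names and the choice of PBKDF2 and RFC 6238 TOTP are assumptions made for illustration.

```python
import hashlib, hmac, struct

def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 one-time password (HMAC-SHA1) for Unix time `at`."""
    mac = hmac.new(secret, struct.pack(">Q", at // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F  # dynamic truncation offset (RFC 4226)
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: the user, roles and resource names are hypothetical.
SALT = b"constructed-salt"
USERS = {"alice": {"pw": pw_hash("correct horse", SALT), "salt": SALT,
                   "otp_key": b"12345678901234567890", "role": "helpdesk"}}
ROLE_RIGHTS = {"helpdesk": {"ticket-system"},
               "netadmin": {"ticket-system", "core-switch"}}
ACCOUNTING = []  # accounting records, in the order they happened

def account(now: int, event: str, user: str, resource: str = "") -> None:
    ACCOUNTING.append({"time": now, "event": event, "user": user, "resource": resource})

def authenticate(user: str, password: str, otp: str, now: int) -> bool:
    """Authentication: the password AND the one-time code must both match."""
    rec = USERS.get(user)
    ok = (rec is not None
          and hmac.compare_digest(pw_hash(password, rec["salt"]), rec["pw"])
          and hmac.compare_digest(otp.encode(), totp(rec["otp_key"], now).encode()))
    account(now, "auth-ok" if ok else "auth-fail", user)  # failures are logged too
    return ok

def authorize(user: str, resource: str, now: int) -> bool:
    """Authorization: deny unless the user's role lists the resource."""
    allowed = resource in ROLE_RIGHTS.get(USERS[user]["role"], set())
    account(now, "start" if allowed else "denied", user, resource)
    return allowed

def end_session(user: str, resource: str, now: int) -> int:
    """Accounting: write the stop record and return the session length in seconds."""
    start = next(r["time"] for r in reversed(ACCOUNTING)
                 if (r["event"], r["user"], r["resource"]) == ("start", user, resource))
    account(now, "stop", user, resource)
    return now - start

def failed_logins(user: str) -> int:
    """Accounting data reused for detection: failed attempts for one user."""
    return sum(r["event"] == "auth-fail" and r["user"] == user for r in ACCOUNTING)
```

Every decision, including the denied request and the failed logins, leaves an accounting record, which is what makes the later auditing and forensic uses possible.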

 
