Friday, 18 May 2012

Authentication, Authorization and Accounting


In computer security, AAA commonly stands for authentication, authorization and accounting. It is a term for a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services.

As the first process, authentication provides a way of identifying a user, typically by having the user enter a valid user name and valid password before access is granted. The process of authentication is based on each user having a unique set of criteria for gaining access. The AAA server compares a user's authentication credentials with other user credentials stored in a database. If the credentials match, the user is granted access to the network. If the credentials are at variance, authentication fails and network access is denied.
Following authentication, a user must gain authorization for doing certain tasks. After logging into a system, for instance, the user may try to issue commands. The authorization process determines whether the user has the authority to issue such commands. Simply put, authorization is the process of enforcing policies: determining what types or qualities of activities, resources, or services a user is permitted. Usually, authorization occurs within the context of authentication. Once you have authenticated a user, they may be authorized for different types of access or activity.
The final plank in the AAA framework is accounting, which measures the resources a user consumes during access. This can include the amount of system time or the amount of data a user has sent and/or received during a session. Accounting is carried out by logging of session statistics and usage information and is used for authorization control, billing, trend analysis, resource utilization, and capacity planning activities.

Benefits of Using AAA

AAA provides the following benefits:
• Increased flexibility and control of access configuration
• Scalability
• Standardized authentication methods, such as RADIUS, TACACS+, and Kerberos
• Multiple backup systems
Authentication, authorization, and accounting services are often provided by a dedicated AAA server, a program that performs these functions. A current standard by which network access servers interface with the AAA server is the Remote Authentication Dial-In User Service (RADIUS).
References:
http://searchsecurity.techtarget.com/definition/authentication-authorization-and-accounting


Posted by at

3 comments:

  1. Weelun20 May 2012 at 02:16

    Ha, your post's content is exactly the same as mine, except that i don't have the picture and benefits. The scalability benefit is quite important, i feel. Since most companies would add quite a number of employees, scalability is important.

    ReplyDelete
  2. Hetty20 May 2012 at 14:31

    Hello! Hetty here!

    Your post is neat and tidy: every point are paragraphed and it is written in a way whereby everyone can understand(even for beginners!)

    I've got nothing more to say:/ byebye! see you tomorrow!

    ReplyDelete
  3. Unknown14 October 2014 at 00:55

    Nice post. I have the knowledge about it. But you explained in a very good manner. I like it. You explained by the picture. I hope in future I will also do the same as like you. You did a good work.
    electronic signature

    ReplyDelete

Subscribe to: Post Comments (Atom)