Authentication, Authorization and Accounting
Global corporations, governmental organisations, and their corresponding networks face numerous challenges today. The biggest of these challenges is managing and authenticating thousands of users who need daily, if not constant, access to the local and remote networks while maintaining the security of the company network. In many cases, these multinational companies and their networks serve more customers each day or even each hour than many of the busiest telecom operators and service providers in the world.
The capabilities of AAA are used in identity and network access management. RADIUS (Remote Authentication Dial-In User Service) and TACACS+ (Terminal Access Controller Access-Control System) are two protocols that AAA utilises between clients and AAA servers to securely authenticate users to networks. The three components of AAA are:
- Authentication
- Authorization
- Accounting
Authentication is defined as a mechanism to verify that users are who they claim to be before granting access to resources (computers, networks, network services, devices, etc.). There are a number of authentication types, based on three categories:
- Something you have (such as a cell phone).
- Something you are (such as fingerprint, iris recognition, face recognition).
- Something you know (such as a password).
Some of the authentication types are named below:
- Static passwords – They do not change frequently; they change only when they expire or the user changes them.
- One-time passwords – They are used to confirm your personal credentials, like an ATM PIN, through email or SMS.
- Digital certificates – Such as X.509, used to verify client and server identities and initiate secure SSL connections.
- Biometric credentials – Using face recognition, fingerprints, etc. to verify user identity.
Authorization is described as a procedure for granting users access to resources according to their access permissions. After successfully completing the authentication procedure, the user is given access to the resources or services to which he or she needs to have access, while access to everything else is restricted. An employee who has just joined a company, for instance, can authenticate into the employee system and gain access, but they will only be allowed to use the resources that are necessary.
The final 'A' of AAA, accounting, is used to send and receive vital server information, such as usage statistics for identification data and start and stop times. It is additionally utilised for reporting and auditing needs. Accounting is used to record data, track users, conduct forensic investigations, identify suspicious behaviour, and other things.
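The three stages described above, chained for a single access request, as an added example that is not part of the original article. The user, roles, resource names and in-memory accounting log are constructed for illustration; a real deployment would delegate these steps to a RADIUS or TACACS+ server.

```python
import hashlib, hmac, os, time

def _kdf(password, salt):
    # Salted, slow hash so the static password is never stored in clear text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: user, roles and resource names are hypothetical.
_SALT = os.urandom(16)
USERS = {"alice": {"salt": _SALT, "hash": _kdf("correct horse", _SALT), "role": "employee"}}
POLICY = {"employee": {"email", "hr-portal"}, "admin": {"email", "hr-portal", "core-router"}}
ACCOUNTING_LOG = []  # stands in for the records an AAA server would keep

def authenticate(user, password):
    """Authentication: check 'something you know' against the stored hash."""
    rec = USERS.get(user)
    if rec is None:
        _kdf(password, b"\x00" * 16)  # do the same work for unknown users
        return False
    return hmac.compare_digest(_kdf(password, rec["salt"]), rec["hash"])

def authorize(user, resource):
    """Authorization: allow only resources granted to the user's role."""
    return resource in POLICY.get(USERS[user]["role"], set())

def account(user, resource, event, now=None):
    """Accounting: record who did what and when, for audit and forensics."""
    rec = {"user": user, "resource": resource, "event": event,
           "time": time.time() if now is None else now}
    ACCOUNTING_LOG.append(rec)
    return rec

def request_access(user, password, resource, now=None):
    if not authenticate(user, password):
        account(user, resource, "auth-failure", now)
        return "rejected"
    if not authorize(user, resource):
        account(user, resource, "denied", now)
        return "denied"
    account(user, resource, "start", now)
    return "granted"

def end_session(user, resource, now=None):
    """Write the stop record and return the session length in seconds."""
    stop = account(user, resource, "stop", now)
    start = next(r for r in reversed(ACCOUNTING_LOG) if r["event"] == "start"
                 and r["user"] == user and r["resource"] == resource)
    return stop["time"] - start["time"]
```

Failed and denied attempts are written to the accounting log as well as successful sessions, which is what makes the log useful for spotting suspicious behaviour.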