Introduction to AAA in Computers and Networks
AAA stands for Authentication, Authorization, and Accounting. AAA is a set of primary concepts that aid in understanding computer and network security as well as access control. These concepts are used daily to protect property, data, and systems from intentional or even unintentional damage. AAA supports the Confidentiality, Integrity, and Availability (CIA) security concept, and it also provides the framework for controlling access to networks and equipment through Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System (TACACS/TACACS+). A more detailed discussion of AAA can be found in RFC 3127 at http://tools.ietf.org/html/rfc3127. This RFC evaluates various existing protocols against the AAA requirements and can help you understand the specific details of those protocols. The AAA requirements themselves are defined in RFC 2989, located at http://tools.ietf.org/html/rfc2989.
What is AAA?
AAA is a set of procedures used to protect property, equipment, and information, and to preserve the confidentiality of both physical assets and data. As mentioned previously, one of the aims of AAA is to support Confidentiality, Integrity, and Availability (CIA). CIA can be briefly described as follows:
■ Confidentiality The contents or data are not disclosed to anyone who is not authorized to see them
■ Integrity The contents or data are intact and have not been modified
■ Availability The contents or data are accessible when an authorized party needs them
AAA consists of three separate areas that work together. These areas provide a basic level of security in controlling access to resources and equipment in networks. This control lets administrators provide services that support the CIA goals and further protect systems and assets. Let’s start with basic descriptions of the three areas, and then break each down to explore its uses and the security it provides. Finally, we will work through examples of each AAA component.
Access control can be defined as a policy, software component, or hardware component that is used to grant or deny access to a resource. This can be an advanced component such as a Smart Card or a biometric device; network access hardware such as routers; remote access points such as Remote Access Service (RAS) and virtual private networks (VPNs); or wireless access points (WAPs). It can also be file or shared-resource permissions assigned through a network operating system (NOS), such as Microsoft Windows using New Technology File System (NTFS) in conjunction with Active Directory, Novell NetWare in conjunction with Novell Directory Services (NDS) or eDirectory, or UNIX systems using Lightweight Directory Access Protocol (LDAP), Kerberos, or Sun Microsystems’ Network Information System (NIS) and Network Information System Plus (NIS+). Finally, it can be a rule set that governs a software component that limits entry to a system or network. We will explore a number of alternatives and possibilities for controlling access.
Authentication may be described as the process used to confirm that a machine or person attempting to access resources or networks is, in fact, who or what it claims to be. We’ll examine a process that proves a user’s identity to a remote resource server. We’ll also review a process for monitoring and ensuring non-repudiation of authentication. In this chapter, non-repudiation is the process (time stamps, certain protocols, or authentication methods) used to guarantee that the presenter of an authentication request cannot later deny having originated that request. The authentication process uses the data presented to the NOS (such as a username and password) to let the NOS validate the claimed identity against those credentials.
Auditing is the process of monitoring and reviewing events, errors, access, and authentication attempts on a platform. Much like an accountant’s procedure for keeping track of the flow of funds, you need to be able to follow a trail of access attempts, access grants or denials, machine problems or errors, and other events that are important to the systems being monitored and controlled. In the case of security auditing, you will learn about the policies and procedures that allow administrators to track access (authorized or unauthorized) to the network, local machine, or resources. Auditing is not enabled by default in many NOSes, and administrators must often specify the events or objects to be tracked. This becomes one of the basic lines of defense in the security and monitoring of network systems. Tracking is used along with regular reading and analysis of the log files generated by the auditing process to better understand whether the access controls are working.
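The three areas just described can be seen working together in a single small program. The following is an added example written for this page, not code from the original text or from any of the products it names; the users, passwords, resources, and access-control list it contains are constructed sample data, and the PBKDF2 iteration count is an assumed value chosen for a demo. It shows authentication (verifying a username and password against a salted, iterated hash rather than a stored password), authorization (checking the authenticated identity against an access-control list), and accounting (recording every attempt in an audit log that is then reviewed for failed logins and denied actions, the "regular reading and analysis of the log files" the text calls for).

```python
"""Added worked example: a minimal AAA flow (constructed sample data throughout)."""
import hashlib
import hmac
import os
import time
from collections import Counter
from typing import Dict, List, Optional

PBKDF2_ITERATIONS = 100_000  # assumption: a modest cost suitable for a demo


def make_password_record(password: str) -> dict:
    """Store a random salt and the derived key, never the password itself."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "key": key}


# Constructed user database (plaintext passwords appear only to build the demo).
USERS = {
    "alice": make_password_record("correct horse battery staple"),
    "bob": make_password_record("sunny-day-42"),
}

# Dummy record used for unknown usernames so that login timing does not reveal
# whether a given username exists.
DUMMY_RECORD = make_password_record(os.urandom(16).hex())

# Constructed access-control list: which actions each user may perform on each resource.
ACL = {
    ("alice", "/finance/ledger.xlsx"): {"read", "write"},
    ("bob", "/finance/ledger.xlsx"): {"read"},
}

AUDIT_LOG: List[Dict] = []


def audit(event: str, user: str, resource: Optional[str], outcome: str) -> None:
    """Accounting: record who attempted what, when, and with what result."""
    AUDIT_LOG.append({"ts": time.time(), "event": event, "user": user,
                      "resource": resource, "outcome": outcome})


def authenticate(user: str, password: str) -> bool:
    """Authentication: prove the presented credentials match the stored record.
    The derived key is compared with a constant-time function."""
    record = USERS.get(user) or DUMMY_RECORD
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], PBKDF2_ITERATIONS)
    ok = user in USERS and hmac.compare_digest(key, record["key"])
    audit("login", user, None, "success" if ok else "failure")
    return ok


def authorize(user: str, resource: str, action: str) -> bool:
    """Authorization: grant or deny a request from an already-authenticated identity."""
    ok = action in ACL.get((user, resource), set())
    audit(action, user, resource, "granted" if ok else "denied")
    return ok


def access(user: str, password: str, resource: str, action: str) -> bool:
    """Full AAA path: authenticate first, then authorize; both steps are logged."""
    if not authenticate(user, password):
        return False
    return authorize(user, resource, action)


def review_log(log: List[Dict]) -> dict:
    """Review the audit trail: failed logins per user and denied actions per resource."""
    failed_logins = Counter(e["user"] for e in log
                            if e["event"] == "login" and e["outcome"] == "failure")
    denied = Counter((e["user"], e["resource"], e["event"]) for e in log
                     if e["outcome"] == "denied")
    return {"failed_logins": dict(failed_logins), "denied": dict(denied)}


if __name__ == "__main__":
    access("alice", "correct horse battery staple", "/finance/ledger.xlsx", "write")
    access("bob", "sunny-day-42", "/finance/ledger.xlsx", "write")   # authenticated, then denied
    access("mallory", "password", "/finance/ledger.xlsx", "read")  # never authenticated
    for entry in AUDIT_LOG:
        print(entry)
    print(review_log(AUDIT_LOG))
```

Note that authorization is only ever consulted after authentication succeeds, and that every outcome, including the denial of an authenticated user and the failed login of an unknown one, lands in the same audit log; the review step is what turns that log into evidence that the access controls are (or are not) working.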