In computer security, AAA stands for “authentication, authorization and accounting”. AAA is sometimes combined with auditing, in which case it becomes AAAA.
Authentication
Authentication refers to the process of establishing the digital identity of one entity to another entity. Commonly one entity is a client (a user, a client computer, etc.) and the other entity is a server (computer). Authentication is accomplished via the presentation of an identity and its corresponding credentials. Examples of types of credentials are passwords, one-time tokens, digital certificates, and phone numbers (calling/called).
Authorization
Authorization refers to the granting of specific types of privileges (including "no privilege") to an entity or a user, based on their authentication, what privileges they are requesting, and the current system state. Authorization may be based on restrictions, for example time-of-day restrictions, or physical location restrictions, or restrictions against multiple logins by the same user. Most of the time the granting of a privilege constitutes the ability to use a certain type of service. Examples of types of service include, but are not limited to: IP address filtering, address assignment, route assignment, QoS/differential services, bandwidth control/traffic management, compulsory tunneling to a specific endpoint, and encryption.
Accounting
Accounting refers to the tracking of the consumption of network resources by users. This information may be used for management, planning, billing, or other purposes. Real-time accounting refers to accounting information that is delivered concurrently with the consumption of the resources. Batch accounting refers to accounting information that is saved until it is delivered at a later time. Typical information that is gathered in accounting is the identity of the user, the nature of the service delivered, when the service began, and when it ended.
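The authorization restrictions and accounting records described above can be seen working together in the following added example, which is not part of the original page. The Policy and AAAServer classes, the reason strings and the sample users and sites are all hypothetical, and authentication is assumed to have already succeeded.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
@dataclass
class Policy:  # hypothetical per-user authorization policy
    allowed_hours: tuple       # (start, end) as datetime.time
    allowed_locations: set     # site identifiers the user may connect from
    max_sessions: int = 1      # restriction against multiple logins

@dataclass
class AAAServer:  # hypothetical; assumes callers are already authenticated
    policies: dict
    active: dict = field(default_factory=dict)  # session id -> open session
    log: list = field(default_factory=list)     # accounting records, kept for batch delivery

    def authorize(self, user, location, now):
        p = self.policies.get(user)
        if p is None:
            return False, "no-privilege"         # default deny
        start, end = p.allowed_hours
        if not (start <= now.time() < end):
            return False, "time-of-day"
        if location not in p.allowed_locations:
            return False, "location"
        if sum(r["user"] == user for r in self.active.values()) >= p.max_sessions:
            return False, "multiple-logins"
        return True, "ok"

    def start_session(self, sid, user, service, location, now):
        granted, reason = self.authorize(user, location, now)
        if granted:  # accounting start: who, which service, when it began
            self.active[sid] = {"user": user, "service": service, "start": now}
            self.log.append({"type": "start", "session": sid, **self.active[sid]})
        return granted, reason

    def stop_session(self, sid, now):
        rec = self.active.pop(sid)  # accounting stop: adds when it ended
        stop = {"type": "stop", "session": sid, **rec, "stop": now,
                "seconds": int((now - rec["start"]).total_seconds())}
        self.log.append(stop)
        return stop

def demo():
    # Constructed sample policy and login attempts, not from the original page.
    srv = AAAServer({"alice": Policy((time(8), time(18)), {"hq"}, 1)})
    t0 = datetime(2024, 1, 8, 9, 0)
    tries = [("s1", "alice", "hq"), ("s2", "alice", "hq"),
             ("s3", "alice", "cafe"), ("s4", "bob", "hq")]
    reasons = [srv.start_session(s, u, "vpn", loc, t0)[1] for s, u, loc in tries]
    return reasons, srv.stop_session("s1", datetime(2024, 1, 8, 9, 30)), srv.log
```

Only granted sessions produce accounting records, so the denied attempts in demo() leave no start or stop entry in the log.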
List of AAA Protocols
* RADIUS
* Diameter
* TACACS
* TACACS+
Other protocols used in combination with the above:
* PPP
* EAP
* PEAP
* LDAP