Thursday, August 5, 2010

AAA: Authentication, Authorization and Accounting

control traffic based on the IP address and protocol -> access lists
control access for specific users or groups -> authentication
control what specific users or groups may do -> authorization

Authentication -> who the user is
Authorization -> what the user can do
Accounting -> what the user did

PIX/ASA: Cut-through Proxy for Network Access using TACACS+ and RADIUS Server Configuration Example
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml

Authentication
Authentication refers to the process where an entity's identity is authenticated, typically by providing evidence that it holds a specific digital identity such as an identifier and the corresponding credentials. Examples of types of credentials are passwords, one-time tokens, digital certificates, and phone numbers (calling/called).

Authorization
The "authorization" function determines whether a particular entity is authorized to perform a given activity, typically logging on to an application or service. Authorization may be determined based on a range of restrictions, for example time-of-day restrictions, or physical location restrictions, or restrictions against multiple logins by the same entity or user. Examples of types of service include, but are not limited to: IP address filtering, address assignment, route assignment, Quality of Service/differential services, bandwidth control/traffic management, compulsory tunneling to a specific endpoint, and encryption.

Accounting
Accounting refers to the tracking of the consumption of network resources by users. This information may be used for management, planning, billing, or other purposes. Real-time accounting refers to accounting information that is delivered concurrently with the consumption of the resources. Batch accounting refers to accounting information that is saved until it is delivered at a later time. Typical information that is gathered in accounting is the identity of the user, the nature of the service delivered, when the service began, and when it ended.
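A small Python model of the three functions above, added here as an example and not part of the original post: authentication verifies the credential, authorization applies the time-of-day and multiple-login restrictions named above, and accounting records who used which service and when it began and ended (batch style, kept until delivered). The user names, passwords, hours and session limits are constructed values.

```python
import hashlib
import hmac
from datetime import datetime

# Constructed user store (not from the page): salted SHA-256 password hashes
# plus the per-user policy applied by the authorization step below.
_SALT = b"constructed-salt"
def _h(pw):
    return hashlib.sha256(_SALT + pw.encode()).hexdigest()
USERS = {"alice": {"hash": _h("correct horse"), "hours": (8, 18), "max_sessions": 1},
         "bob": {"hash": _h("hunter2"), "hours": (0, 24), "max_sessions": 2}}
active = {}          # user -> open sessions, for the multiple-login restriction
accounting_log = []  # batch accounting: records kept here until delivered later

def authenticate(user, password):
    """Who the user is: verify the credential with a constant-time comparison."""
    rec = USERS.get(user)
    return rec is not None and hmac.compare_digest(rec["hash"], _h(password))

def authorize(user, hour):
    """What the user may do: time-of-day and multiple-login restrictions."""
    start, end = USERS[user]["hours"]
    if not start <= hour < end:
        return False, "outside permitted hours"
    if active.get(user, 0) >= USERS[user]["max_sessions"]:
        return False, "too many concurrent sessions"
    return True, "ok"

def start_session(user, service, when):
    """What the user did: record identity, service and start time."""
    active[user] = active.get(user, 0) + 1
    accounting_log.append({"user": user, "service": service, "start": when, "stop": None})

def stop_session(user, when):
    """Close the user's newest open record with the time the service ended."""
    active[user] -= 1
    for rec in reversed(accounting_log):
        if rec["user"] == user and rec["stop"] is None:
            rec["stop"] = when
            break

def access(user, password, service, when):
    """Run the three A's in order; returns (decision, reason). `when` is ISO 8601."""
    if not authenticate(user, password):
        return "denied", "authentication failed"
    ok, why = authorize(user, datetime.fromisoformat(when).hour)
    if not ok:
        return "denied", why
    start_session(user, service, when)
    return "granted", why
```

Note that a failed authorization is reported separately from a failed authentication: the first answers "who", the second "what is allowed", and only a granted session produces an accounting record.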

AAA protocol
http://en.wikipedia.org/wiki/AAA_protocol
