Friday, May 18, 2012

Authentication, Authorization and Accounting


Authentication, Authorization and Accounting (AAA) refers to the security architecture that is used for Cisco routers and other networking devices (“CCNA 640-553,” n.d.). Several protocols follow the AAA architecture, including RADIUS and TACACS+.

Authentication refers to verifying the user's identity. For instance, under the AAA architecture, a user is required to provide a username and password when accessing the router via telnet. However, authentication cannot take place when the user enters only a password to access the router via telnet, because the network administrator is unable to identify who is accessing the router (“CCNA 640-553,” n.d.).

Authorization refers to granting rights to the users or groups who are able to access a particular system. One example of authorization is granting user rights based on the Cisco IOS access level. On a Cisco router, a user with a higher privilege level is granted more rights than a user with a lower privilege level (“CCNA 640-553,” n.d.). Privilege level 15 is also known as the super user level.

Accounting refers to tracking user actions and logging system activity in order to maintain personal accountability. Accounting only takes place once authentication and authorization have completed. One way of performing accounting is through logging. From the logs, the network administrator is able to know which user has logged into the system and the number of bytes transferred in the session (“CCNA 640-553,” n.d.).

In the industry, the common AAA protocols are TACACS+ and RADIUS. TACACS+ provides better security (the entire packet is encrypted) but less accounting. RADIUS, on the other hand, provides better accounting but poor security (only the password is encrypted).

Figure 1 shows a list of differences between TACACS+ and RADIUS.

Figure 1 (Comparison between TACACS+ and RADIUS) (Temasek Polytechnic, n.d.)

References

CCNA 640-553 exam: explain the function and importance of AAA. (n.d.). Retrieved May 18, 2012, from Ciscokits: http://www.certificationkits.com/ccna-security-aaa/
Temasek Polytechnic. (n.d.). TACACS+/RADIUS Comparison. Singapore.



6 comments:

  1. Hi Kim Chye!

    Brilliant post you have there, especially with your referencing... Awesome.

    I see that you have written super user in level 15, how about touching on users and their rights in other levels, like level 2, just to show the rights in two different levels.

    After reading this article, I would like to ask you, so what is your personal preference, TACACS+ and RADIUS? :)

    All in all, I would like to commend you for your wonderfully informative (at least better than mine :P) post, and your referencing really brings your article to greater heights!

  2. Hi Kim Chye,

    Once again you have impressed me with your wonderfully detailed post on Authentication, Authorization and Accounting.

    I see that you have made it a point to define each of the AAA services in their paragraphs, like Authentication referring to verifying a user's identity, Authorization, which refers to granting of rights and access to user or groups and Accounting, which refers to the tracking of user actions as well as providing system logs to maintain personal accountability.

    Also, you have briefly described the good and bad of RADIUS and TACACS+.

    I applaud you for yet another good post and I can say that I have enjoyed reading it. Keep up the good work!

  3. Hi KimChye,

    I'm impressed by your post on AAA. Not only have you provided us with a detailed explanation of each of them, you've also included examples of how each of them are implemented. This has really helped me in understanding better.

    Another good point to note is that you were able to relate Accounting back into the industry, providing the readers with a greater insight as to how the three AAA are being used in our society nowadays.

    Lastly, the inclusion of the picture really illustrated more clearly the difference between TACACS and RADIUS.

    Well done! (:

  4. Hi KimChye,

    I have read your post about the AAA and I personally think that it is a good post and has helped in my understanding of how the AAA works.

    You have also brought up the two famous protocols being put to use and what are the differences between these two protocols and the reason why people use these two protocols (Eg, RADIUS for fast accounting, TACACS+ for better security).

    Thanks! <3

  5. Hi Kim Chye,

    After reading your post on Authentication, Authorization and Accounting, I have learned something more about Authentication, Authorization and Accounting. With the detailed explanation and examples, it helped me understand something more about AAA. And relating Accounting with the industry did help me realize how AAA would help in the industries. The picture helped me to understand the differences between TACACS and RADIUS. Thank you for the post!

    Neo Kai Xiang

  6. Thank you for posting info on authentication, authorization and accounting! Authentication refers to verifying of the user identity. You described all things very clearly.
    public key infrastructure
