The three services of AAA are authentication, authorization, and accounting. Each of the AAA services is designed to provide specific and unique security services. AuthenticationAuthentication is the process through which a user proves his or her identity to you. When you go to the bank to cash a check, what is the first question a teller usually asks? How about, "May I see your identification, please ?" Your driver's license usually suffices as proof that you are who you say you are. Because users cannot provide you with driver's licenses when they attempt to access resources, you use other mechanisms to verify a user's identity.
AuthorizationAuthorization is the process of allowing or disallowing a user access to specific resources. Going back to the banking example, once the teller is satisfied about your identity, the teller needs to ensure that the account has enough funds to cover the check that you present. Using some sort of system, the teller gets authorization that the check will be honored. In a networking environment, authorization refers to the rights you have assigned to a user. Suppose Eddy has just authenticated and now wants to access the Internet to do a little holiday shopping via his Web browser. Based on the rights that you have assigned to Eddy, he might or might not be allowed to use HTTP services. That is what authorization is all about: what that user is allowed to do.
AccountingCompanies usually present an acceptable use policy when networking services are accessed. These types of policies state what an employee can and cannot do with company property. Through the use of AAA accounting services, you can track and log a user's activities. Not only can you track access to corporate resources and external resources, but you can also track and log changes that are made to the company's networking devices.
|