AAA Network Security Services
Sandeep Kumar
Amity Institute of Information Technology, AMITY University, Lucknow
INTRODUCTION
AAA commonly stands for authentication, authorization and accounting. AAA is an architectural framework to control what computer resources users have access to and to keep track of the activity of users over a network.
AUTHENTICATION
Definition
The access server will prompt the user for a name and password. The access server authenticates the user's identity by requiring the username and password. This process of verification to gain access is called authentication. It can use a password, special token card, caller ID, etc.
AUTHORIZATION
Authorization asks the question, "What privileges does this user have?" It checks that the user may access the services he or she wishes to use. The server uses a process called authorization to determine which commands and resources should be made available to that particular user.
ACCOUNTING
Accounting asks the questions, "What did this user do and when was it done?" It is the process of keeping track of a user's activity. The number of login attempts, the specific commands entered, and other system events can be logged and time-stamped by the accounting process.
Accounting: What did you spend it on?
BENEFITS OF AAA
1. Typical AAA configurations rely on a server or group of servers to store usernames and passwords. This means that local databases do not have to be built and updated on every router and access server in the network. Instead, the routers in the network become clients of these security servers. By centralizing the username/password database, AAA makes it possible to enter, update, and store information in one place.
2. AAA supports standardized security protocols, specifically TACACS+ and RADIUS.
3. AAA allows for multiple backup systems.
ENABLING AAA
Before
you can use any of the services AAA network security services provide, you must enable AAA. To enable AAA, use the following command in global configuration mode:
DISABLING AAA
To
RADIUS
RADIUS: Remote Authentication Dial In User Service. A distributed client/server system used with AAA that secures networks against unauthorized access. This central server contains all user authentication and network service access information. In the Cisco implementation, RADIUS clients run on Cisco routers and send authentication requests to a central RADIUS server. RADIUS runs over UDP.
TACACS+
TACACS: Terminal Access Controller Access Control System. A security application used with AAA that provides centralized validation of users attempting to gain access to a router or network access server. TACACS+ services are maintained in a database on a TACACS+ daemon running on a UNIX, Windows NT, or Windows 2000 workstation. TACACS+ provides for separate and modular authentication, authorization, and accounting facilities. TACACS+ runs over TCP.
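An added example, not part of the original slides: a Cisco IOS configuration sketch that enables AAA and maps each of the three functions described above to a method list, with RADIUS and a local account as backups. The server names, group names, list name, 192.0.2.x addresses and the bracketed secrets are placeholders chosen for illustration.

```cisco
! Added example. TAC1, RAD1, TAC-GROUP, RAD-GROUP, VTY-LOGIN, localadmin,
! the 192.0.2.x addresses and the <...> secrets are placeholders.
!
! Enable AAA in global configuration mode ("no aaa new-model" turns it off).
aaa new-model
!
! Local account: last-resort backup if no AAA server answers.
username localadmin privilege 15 secret <local-password>
!
! One TACACS+ server (TCP) and one RADIUS server (UDP).
tacacs server TAC1
 address ipv4 192.0.2.10
 key <tacacs-shared-secret>
radius server RAD1
 address ipv4 192.0.2.20 auth-port 1812 acct-port 1813
 key <radius-shared-secret>
!
! Server groups, so method lists refer to a group rather than one host.
aaa group server tacacs+ TAC-GROUP
 server name TAC1
aaa group server radius RAD-GROUP
 server name RAD1
!
! Authentication: try TACACS+, then RADIUS, then the local database.
aaa authentication login VTY-LOGIN group TAC-GROUP group RAD-GROUP local
!
! Authorization: the server decides whether the user gets a shell and
! which privilege-15 commands are permitted.
aaa authorization exec default group TAC-GROUP local
aaa authorization commands 15 default group TAC-GROUP local
!
! Accounting: record session start/stop and each privilege-15 command.
aaa accounting exec default start-stop group TAC-GROUP
aaa accounting commands 15 default start-stop group TAC-GROUP
!
! Apply the named authentication list to remote terminal lines.
line vty 0 4
 login authentication VTY-LOGIN
```

A later method in a list is tried only when the earlier one gives no response (server unreachable or error); an explicit reject from a server ends the attempt without falling through.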