🔐

AAA Security Framework Overview

Jul 14, 2025

Overview

This lecture explains the AAA security framework—Authentication, Authorization, and Accounting—and discusses user and device authentication, the need for scalable authorization models, and practical implementation using groups and certificates.

AAA Framework

  • AAA stands for Authentication, Authorization, and Accounting.
  • Identification is the process of claiming an identity (e.g., entering a username).
  • Authentication verifies the claimed identity using passwords or additional authentication factors.
  • Authorization determines what resources and data a user can access.
  • Accounting tracks user activities, such as login/logout times and data usage.

Practical AAA Example: VPN Login

  • Users connect to a VPN concentrator with their credentials.
  • The VPN concentrator checks credentials by forwarding them to a central AAA server.
  • The AAA server verifies credentials against its database and informs the concentrator of approval.
  • Upon successful authentication, users gain access to internal resources (e.g., file servers).

Device Authentication Using Certificates

  • Devices (e.g., laptops) may use digital certificates for authentication instead of passwords.
  • Certificates are issued and digitally signed by a Certificate Authority (CA).
  • Verification involves checking the device certificate against the trusted CA certificate.
  • This method authenticates devices, especially useful for remote or global deployments.

Authorization Models and Scalability

  • Manually assigning permissions for each user and resource does not scale well in large organizations.
  • Authorization models (abstractions) like groups or roles separate users from resources, streamlining access management.
  • Users are added to groups (e.g., shipping and receiving), and group permissions control resource access.
  • Adding users to groups automatically grants them all necessary rights for their roles.

Key Terms & Definitions

  • Authentication — Verifying a user’s or device’s identity using credentials.
  • Authorization — Defining what resources a verified user or device can access.
  • Accounting — Logging and monitoring resource access and usage.
  • AAA Server — Centralized server managing authentication, authorization, and accounting.
  • Certificate Authority (CA) — Entity that issues and signs digital certificates for authentication.
  • Authorization Model/Abstraction — Method to manage access at scale by grouping users and resources.

Action Items / Next Steps

  • Review section 4.6 (as mentioned for authorization models) for further details.
  • Ensure understanding of group-based authorization for scalable access management.

Full transcript