Lecture Notes: Authentication, Authorization, and Accounting (AAA)
Overview of AAA
- Identification: Claiming to be a particular user on a system.
- Authentication: Verifying the identity using credentials like usernames, passwords, and other authentication factors.
- Authorization: Determining the type of access a user has to resources.
- Accounting: Logging activities such as login time, data sent/received, and logout time.
AAA Framework
- Components:
  - Authentication: Proving identity.
  - Authorization: Access control.
  - Accounting: Activity logging.
Practical Example: VPN Access
- Scenario: Logging into a VPN server (firewall or VPN concentrator).
- Process:
  - Client connects to VPN concentrator.
  - Provides username and password.
  - VPN concentrator communicates with a central AAA server to verify credentials.
  - AAA server confirms credentials and grants access.
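Added example (not part of the original lecture notes): a small Python model of the VPN login process above, in which the concentrator stores no credentials and forwards each login to a central AAA server that authenticates, authorizes and writes an accounting record. The class names, the "vpn" resource label, the record fields, and the sample users, passwords and device name are all assumptions made for illustration.

```python
import hashlib, hmac, os, time

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AAAServer:
    """Central AAA server: holds credentials, access rules and the accounting log."""
    def __init__(self):
        self._users = {}      # username -> (salt, password hash, allowed resources)
        self.accounting = []  # one dict per accounting record
    def add_user(self, username, password, resources):
        salt = os.urandom(16)
        self._users[username] = (salt, _hash(password, salt), set(resources))
    def record(self, event, username, nas, **extra):
        self.accounting.append(dict(time=time.time(), event=event, user=username, nas=nas, **extra))

    def access_request(self, username, password, nas, resource):
        # Unknown users still cost one hash, so reply time does not reveal valid names.
        salt, stored, allowed = self._users.get(username, (b"\0" * 16, b"", set()))
        authenticated = hmac.compare_digest(_hash(password, salt), stored)  # authentication
        authorized = authenticated and resource in allowed                  # authorization
        self.record("access-accept" if authorized else "access-reject",     # accounting
                    username, nas, authenticated=authenticated)
        return authorized

class VPNConcentrator:
    """Stores no credentials itself; every login is checked with the AAA server."""
    def __init__(self, name, aaa):
        self.name, self.aaa, self.sessions = name, aaa, set()

    def connect(self, username, password):
        ok = self.aaa.access_request(username, password, self.name, "vpn")
        if ok:
            self.sessions.add(username)
        return ok

    def disconnect(self, username, bytes_sent, bytes_received):
        if username in self.sessions:  # only account for sessions that actually exist
            self.sessions.remove(username)
            self.aaa.record("logout", username, self.name, sent=bytes_sent, received=bytes_received)

def demo():
    aaa = AAAServer()  # users, passwords and device name below are constructed
    aaa.add_user("alice", "correct-horse", {"vpn", "wiki"})
    aaa.add_user("bob", "example-pw", {"wiki"})  # valid account without VPN rights
    gw = VPNConcentrator("vpn-gw-1", aaa)
    results = [gw.connect(u, p) for u, p in [("alice", "correct-horse"), ("alice", "wrong"),
                                             ("bob", "example-pw"), ("mallory", "guess")]]
    gw.disconnect("alice", 1200, 3400)
    return results, aaa.accounting
```

In the accounting log, the rejected login for "bob" carries authenticated=True, which separates an authorization failure from a bad password.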
Security Management
- Challenges:
  - Managing security across numerous systems worldwide.
  - Devices might not be physically accessible.
Device Authentication
- Problem: Verifying that connecting computers are authorized.
- Solution: Use digital certificates.
  - Certificates are digitally signed and checked during login.
  - Requires a Certificate Authority (CA) to manage certificates.
Certificate Authority (CA)
- Functions:
  - Issues and signs certificates.
  - Verifies authenticity of certificates used for authentication.
Authorization Models
- Purpose: Manage access to resources efficiently.
- Challenges:
  - Scaling authorization for large numbers of users and resources.
Example: Shipping and Receiving Department
Benefits of Authorization Models
- Scalability: Efficient management of large numbers of users/resources.
- Simplification: Reduces manual configuration of individual permissions.
This lecture covered the basics of the AAA framework, its practical application to VPN access, and an example of using authorization models for efficient resource access management.