AAA

AAA stands for Authentication, Authorization & Accounting.

AAA is an information security framework for controlling access to computer resources, enforcing policies, and tracking resource usage for auditing and billing.

An AAA server controls which users are allowed to access network resources. It compares the user's login credentials (user ID & password) with the credential data stored in the AAA server's database (for example Active Directory); this is Authentication. It then permits that user to perform only the pre-defined tasks that match the roles & responsibilities set in the database (enforcing policies); this is Authorization. Finally, it tracks the actions performed while the user accesses the network; this is Accounting. In this way the AAA server acts as an Identity & Access Management tool.



For example, an administrator normally accesses a network device through its console. Remote access to the device is possible only by its IP address, but the same IP address can be used by an unauthorized user, which creates a security issue and therefore requires proper authentication. Packets exchanged between the devices should also be encrypted so that an attacker cannot capture sensitive information. This is where AAA comes into the picture.

The AAA protocols are described below:

RADIUS

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that uses a client/server architecture to handle AAA tasks for users on a remote network. Users attempting to access the network are authenticated and authorized using RADIUS. To add an additional layer of protection, RADIUS encrypts all AAA data packets.

In order for RADIUS to function, a user must first send a request to a network access server (NAS). The NAS then forwards the request to the RADIUS server, which can approve, deny, or challenge the request by asking for additional information.
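The RADIUS exchange just described, worked at the packet level as an added example that is not part of the original post: the NAS hides the User-Password attribute under the shared secret, the server answers with a Response Authenticator, and the NAS refuses any Accept or Reject whose authenticator does not prove knowledge of that secret. The shared secret, user name and password are constructed values.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11  # RFC 2865 codes
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2

def attr(atype: int, value: bytes) -> bytes:
    """Type-Length-Value attribute; Length counts the 2-byte header too."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to 16-byte blocks and XOR each block with MD5(secret + previous
    block), seeded by the Request Authenticator. Only this attribute is hidden; the rest is clear."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_request(ident: int, user: bytes, pw: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """NAS side: Code(1) Identifier(1) Length(2) Authenticator(16) Attributes."""
    attrs = attr(ATTR_USER_NAME, user) + attr(ATTR_USER_PASSWORD, hide_password(pw, secret, req_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def build_response(code: int, ident: int, attrs: bytes, req_auth: bytes, secret: bytes) -> bytes:
    """Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + req_auth + attrs + secret).digest() + attrs

def verify_response(packet: bytes, ident: int, req_auth: bytes, secret: bytes):
    """NAS side: return the code only if Identifier matches and the authenticator proves the secret."""
    if len(packet) < 20:
        return None
    code, resp_ident, length = struct.unpack("!BBH", packet[:4])
    if resp_ident != ident or length != len(packet):
        return None
    expected = hashlib.md5(packet[:4] + req_auth + packet[20:] + secret).digest()
    return code if hmac.compare_digest(expected, packet[4:20]) else None

def exchange(nas_secret: bytes, server_secret: bytes):
    """One round trip with constructed user data; a differing server_secret models a forged reply."""
    req_auth, ident = os.urandom(16), 7
    request = build_request(ident, b"alice", b"constructed-pw", nas_secret, req_auth)
    reply = build_response(ACCESS_ACCEPT, ident, b"", request[4:20], server_secret)
    return verify_response(reply, ident, req_auth, nas_secret)
```

`exchange(secret, secret)` yields Access-Accept, while a reply built without the shared secret is discarded before its code is ever trusted.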

Diameter

The Diameter protocol, an evolution of RADIUS, is an AAA protocol used in telecommunications: it works with mobile devices, Long-Term Evolution (LTE) and multimedia networks such as streaming websites or Voice over Internet Protocol (VoIP) applications. Diameter is custom-designed to optimize LTE connections and mobile networks.

TACACS / TACACS+

The network protocol known as TACACS, or Terminal Access Controller Access-Control System, was developed by Cisco. The industry currently uses TACACS+, an improved version of the original TACACS protocol, for Authentication, Authorization, and Accounting (AAA) in network security.

TACACS+ separates the authentication and authorization processes, which differentiates it from RADIUS, where the two are combined. Like RADIUS, TACACS+ also encrypts its AAA packets.

TACACS+ gives administrators additional security by using a separate key from the client for authorization.

TACACS+ is used for network devices (Wi-Fi, VPNs, routers, network switches and firewalls), with an extra layer of Multi-Factor Authentication (MFA) security.
