27/1/2019 TestOut LabSim

2.3.2 Authentication, Authorization, and Accounting

Authentication, Authorization, and Accounting

To be an effective security professional, you need to understand one of the fundamental frameworks used to control access to various
organizational resources. This framework is known as authentication, authorization, and accounting, or AAA.

Authentication
The first component of the AAA framework is authentication. We've already discussed authentication a little bit in a previous lesson, but let's take a
closer look.

If you remember, authentication is the process of verifying a user's identity. That is, determining whether someone or something is actually who
they say they are. For authentication to take place, two pieces of information are required.

The first is a form of identification. In a previous lesson, we mentioned that identification is merely the act of claiming you are someone or
something. The most common form of identification is a username.

The second required piece of information is something used to verify the claimed identity. And if you remember, this can be several different
things; it could be a password, a security token, even the person's heartbeat. This information is then compared to the stored information, and if it
matches, the user is authenticated—"their identity is verified.

Authorization
The second component of AAA is authorization. Authorization should not be confused with authentication. They are two completely different
concepts. Authentication is merely the act of verifying a claimed identity.

Authorization, on the other hand, is the process of determining whether or not an authenticated user has permission to carry out a specific task or
access a system resource.

Now, authorization takes place in two different steps. The first step—"which is a bit of a preliminary step—"is actually the role of the system
administrator. They need to configure the rules for each user or group that dictate their access rights—"their permission scope.

The second step takes place after authentication has occurred. This is when a user is either authorized or denied access to a particular resource
based on the rules configured by the system administrator in step one.

Accounting
Accounting is the third component of AAA. Accounting tracks the actions of an authenticated user.

After an authenticated and authorized user access resources, it's important that security professionals are able to track that user's behavior. This is
where accounting comes in.

Accounting can gather data about which files a user accesses, how much data a user sends and receives over the network, what times the user is
active on the system, the list goes on. It's up to the organization to determine what information is tracked and gathered. Just remember that
accounting is the process of gathering information about user activity.

AAA Server
Now, each component of AAA requires communication between two entities—"usually a user and a server. In a corporate environment, these
components are handled by a dedicated AAA server. This simplifies configuring and maintaining access control.

AAA In Action
Let's create a scenario showing the three components of AAA in action.

Let's say an employee wants to connect to the organization's wireless network. To do this, they need to provide a username and password. The
username is their identity, and the password verifies their identity.

So, the user enters their username and password, which is sent to a dedicated AAA server. The server compares this information to the records
stored in its database. If the username and password match, then the server knows this person is who they say they are—"they are authenticated
to the network.

After they have been authenticated, the user decides they want to access some documents on the company's file server. Before they can do this,
however, the AAA server needs to make sure this particular user is authorized to access these files, so the server checks its rules. And since this
user has been authorized to access these files, they can do so.

Now, while all of this is taking place, the user's activity has been logged by the AAA server. Their initial connection to the wireless network, the
attempt to access this file server, and the opening of this document have all been logged by the server. This is the accounting component. Even
when the user disconnects, this action will be logged by the accounting process.

Summary
https://cdn.testout.com/client-v5-1-10-551/startlabsim.html 1/2
27/1/2019 TestOut LabSim
That's it for this lesson. We have discussed the access control framework called AAA. Remember, AAA has three components: authentication,
authorization, and accounting. Authentication verifies identity, authorization permits access to resources, and accounting tracks user behavior.

TestOut Corporation All rights reserved.

https://cdn.testout.com/client-v5-1-10-551/startlabsim.html 2/2