AAA protocols and network access control


What does AAA stand for in networking?

The AAA family of protocols, named for Authentication, Authorization and Accounting, was first designed as a remote access control mechanism for network service providers offering modem and dial-in services, but these protocols are still in use today in many architectures.

 

Authentication and Authorization

The user seeking access makes the request by sending his user name and password to a NAS, with which he has set up a link-level point-to-point connection (PPP). The NAS, which acts as a RADIUS client, forwards the request to the RADIUS server. This request includes the user's information along with his password, which is encoded with a secret that is shared with the server (Authenticator). The server validates the authentication through any of the supported mechanisms (PAP, CHAP, EAP, Unix login, LDAP, etc.) and obtains the appropriate information related to the client. If the RADIUS server authorizes the access, it sends a message with a series of attached parameters that characterize the connection, such as the IP address and bandwidth. If access is denied, the server refuses the request and informs the user with an Access-Reject message, which indicates the reasons behind the rejection.

 

AAA Functions

AAA has three main modules:

  • Authentication
  • Authorization
  • Accounting

The authentication part of AAA is responsible for implementing a method to identify users. This can include login access and other types of access such as PPP network access. With AAA authentication you define one or more authentication techniques that the router should use when authenticating a user.

Once a user has been authenticated successfully, AAA's authorization is used to restrict what actions users can perform or what services they can access. For example, you might want a network administrator to have privileged EXEC access but want him to use only the debug command. With AAA authorization you can impose this limit.

The accounting component of AAA is in charge of keeping a record of authentication and authorization actions. This can be as simple as keeping track of who accesses a router and any status changes on the router, or as intensive as keeping track of each command that a user executes on a router. One limitation of the accounting component is that it needs an external AAA security server to store the actual accounting records.

AAA is the solution Cisco recommends and prefers for performing access control.

 

Enabling AAA

You need to configure several things to implement AAA. This section focuses only on the router configuration (configuring an AAA security server is beyond the scope). To set up AAA you need to perform the following steps:

  • Enable AAA.
  • Configure the parameters for an external AAA server, if one is used.
  • Define the method or methods that you will use to perform authentication.
  • Optionally configure authorization to limit what the user can do on the router.
  • Optionally configure accounting to keep a record of events that occur on the router.

AAA is disabled on your Cisco router.
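The steps above can be checked against a router's configuration. This added example (not part of the original post) audits Cisco IOS configuration text for each step, using the standard IOS commands `aaa new-model`, `radius server` / `tacacs server`, and the `aaa authentication`, `aaa authorization` and `aaa accounting` method lists. The sample configurations, server name, address and key are constructed placeholders.

```python
import re

# Constructed sample configuration fragments (not from a real device).
SAMPLE_FULL = """\
aaa new-model
radius server AAA-SRV1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key EXAMPLE-SHARED-SECRET
aaa authentication login default group radius local
aaa authorization exec default group radius local
aaa accounting exec default start-stop group radius
"""
SAMPLE_PARTIAL = """\
aaa new-model
aaa authentication login default local
aaa accounting exec default start-stop group radius
"""

# One pattern per step of the procedure.
CHECKS = {
    "enabled": r"^aaa new-model\b",
    "external_server": r"^(radius|tacacs) server \S+|^(radius|tacacs)-server host \S+",
    "authentication": r"^aaa authentication \S+",
    "authorization": r"^aaa authorization \S+",
    "accounting": r"^aaa accounting \S+",
}


def audit_aaa(config: str) -> dict:
    """Return which AAA steps are present plus a list of findings."""
    found = {name: bool(re.search(rx, config, re.MULTILINE))
             for name, rx in CHECKS.items()}
    findings = []
    if not found["enabled"]:
        findings.append("AAA is not enabled (no 'aaa new-model')")
    if not found["authentication"]:
        findings.append("no authentication method list is defined")
    uses_group = re.search(r"^aaa \w+ .*\bgroup (radius|tacacs\+)", config, re.MULTILINE)
    if uses_group and not found["external_server"]:
        findings.append("a method list references a server group but no server is defined")
    if found["accounting"] and not found["external_server"]:
        findings.append("accounting is configured without an external AAA server")
    found["findings"] = findings
    return found


if __name__ == "__main__":
    for name, cfg in (("full", SAMPLE_FULL), ("partial", SAMPLE_PARTIAL)):
        print(name, audit_aaa(cfg)["findings"])
```

Authorization and accounting are reported but not required, matching their optional status in the procedure; the accounting finding reflects the limitation that accounting records need an external AAA server.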

 


An AAA server is a server program that handles user requests for access to computer resources and, for a company, provides AAA services. The AAA server typically interacts with network access servers and with databases and directories containing user information. The current standard by which devices or applications communicate with the AAA server is the Remote Authentication Dial-In User Service (RADIUS).

 

How does AAA server work?

AAA provides security for a distributed Internet environment by allowing any client with the proper credentials to connect securely to protected application servers from anywhere on the Internet. This feature incorporates the three security features of AAA. Authentication enables the NetScaler appliance (ADC) to verify the client's credentials, either locally or with a third-party authentication server, and allow only approved users to access protected servers. Authorization enables the ADC to verify which content on a protected server the user should be allowed to access. Accounting enables the ADC to keep a record of each user's activity on a protected server.

To understand how AAA works in a distributed environment, consider a company with an intranet that its employees access in the office, at home and when traveling. The content on the intranet is sensitive and requires secure access. Any user who wants to access the intranet must have a valid user name and password. To meet these requirements, the ADC does the following:

  • Redirects the user to the login page if the user accesses the intranet without having logged in.
  • Collects the user's credentials, delivers them to the authentication server and caches them in a directory that is accessible through LDAP.
  • Verifies that the user is authorized to access particular intranet content before delivering the user's request to the application server.
  • Maintains a session timeout, after which users must authenticate again to regain access to the intranet.
  • Logs the user's actions, including incorrect login attempts, in an audit log.


For securing your networks, get in touch with ZENCC. Write to marketing@zencc.net for further details.