Authentication, authorization and accounting (AAA) is a system for tracking user activities on an IP-based network and controlling their access to network resources. AAA is often implemented as a dedicated server.
Authentication refers to unique identifying information from each system user, generally in the form of a username and password. System administrators monitor and add or delete authorized users from the system.
Authorization refers to the process of granting or denying individual user access to a computer network and its resources. Users may be given different authorization levels that limit their access to the network and associated resources. Authorization determination may be based on geographical location restrictions, date or time-of-day restrictions, frequency of logins or multiple logins by single individuals or entities. Other associated types of authorization service include route assignments, IP address filtering, bandwidth traffic management and encryption.
Accounting refers to the record-keeping and tracking of user activities on a computer network. For a given time period this may include, but is not limited to, real-time accounting of time spent accessing the network, the network services employed or accessed, capacity and trend analysis, network cost allocations, billing data, login data for user authentication and authorization, and the data or data amount accessed or transferred.
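The three functions described above can be seen working together in the following added example, which is not taken from any AAA product or protocol. The class names, region labels and decision strings are assumptions chosen for illustration; it checks a password, applies the time-of-day, location and multiple-login restrictions, and writes an accounting record for every decision and session.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field
from datetime import datetime

def hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class User:                      # hypothetical user record
    salt: bytes
    pw_hash: bytes
    allowed_hours: range         # hours of the day in which login is permitted
    allowed_regions: frozenset   # geographical location restriction
    max_sessions: int = 1        # limit on multiple simultaneous logins

@dataclass
class AAAServer:                 # hypothetical in-memory AAA server
    users: dict
    active: dict = field(default_factory=dict)      # user -> {session id: start}
    accounting: list = field(default_factory=list)  # append-only records

    def authenticate(self, name: str, password: str) -> bool:
        u = self.users.get(name)
        # Hash even for unknown users so timing does not reveal valid names.
        candidate = hash_pw(password, u.salt if u else b"\0" * 16)
        return u is not None and hmac.compare_digest(candidate, u.pw_hash)

    def authorize(self, name: str, region: str, now: datetime) -> str:
        u = self.users[name]
        if now.hour not in u.allowed_hours:
            return "deny:time-of-day"
        if region not in u.allowed_regions:
            return "deny:location"
        if len(self.active.get(name, {})) >= u.max_sessions:
            return "deny:multiple-logins"
        return "permit"

    def login(self, name, password, region, now):
        ok = self.authenticate(name, password)
        result = self.authorize(name, region, now) if ok else "deny:authentication"
        sid = os.urandom(8).hex() if result == "permit" else None
        if sid:
            self.active.setdefault(name, {})[sid] = now
        self.accounting.append({"event": "login", "user": name, "result": result, "time": now})
        return result, sid

    def logout(self, name, sid, now, bytes_transferred):
        start = self.active[name].pop(sid)
        self.accounting.append({"event": "stop", "user": name, "bytes": bytes_transferred,
                                "seconds": (now - start).total_seconds()})
```

Denied attempts are recorded as well as permitted ones, so the accounting log can be used to review failed logins and policy denials, not only billing data.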
Examples of AAA protocols include:
- Diameter, a successor to Remote Authentication Dial-In User Service (RADIUS)
- Terminal Access Controller Access-Control System (TACACS)
- Terminal Access Controller Access-Control System Plus (TACACS+), a proprietary Cisco Systems protocol that provides access for network servers, routers and other network computing devices.
Types of AAA servers include:
- Access Network AAA (AN-AAA), which communicates with radio network controllers
- Broker AAA (B-AAA), which manages traffic between roaming partner networks
- Home AAA (H-AAA)