AAA - Authentication, Authorization, Accounting Flashcards
Identification
This is who you claim to be
Usually your username
Authentication
Check between your username and password to prove your identity.
Authorization
This determines type of access, based on your identification and authorization.
Accounting
All security systems need to have a log of what’s happened, time of logging, how much date used or send and received and logout time
Authenticating example - vpn logging
Client on the internate => password to vpn concentrator => sending ask of matching to AA server to check credentials => credentials approved => access to internal server
Device certificate
This certificate is put on the device and checked during the login process, can be by vpn concentrator or by the software
Authorization models
We will authorize users and services by associating individual users to access right does not scale. You must create scalable authorization model, define by roles, attributes etc.