Authentication, Authorization, & Account 1.2 Flashcards
Describe the step of IDENTIFICATION in the AAA Framework?
- This is the first step.
- The user provides information claiming to be the registered user of that system.
Describe the step of AUTHENTICATION in the AAA Framework?
- Checks between your username, passwords, and other authentication factors.
- Proves that you are who you say you are.
What is the purpose of the AUTHORIZATION step of the AAA Framework?
- Once authentication has been completed, the next step is determine what systems the user will have access to.
What is the AAA Framework?
Refers to a system that implements the use of Authentication, Authorization, and Accounting.
What is the purpose of ACCOUNTING?
- Records the resources used when engaging with a system.
- Resources used can include: Login time, data sent and received, logout time.
What way can a device be authenticated to access an internal system?
- External devices can use certificates which is digital signed and checked at the login process.
What are some systems that can validate or authenticate an external device?
- Certificates can be validated using a VPN concentrator or management software that validates the end device
What is the role of a CERTIFICATE AUTHORITY when authenticating an external device?
- A device or software that manages all the certificates within the environment.
- Creates certificates that are digitally signed by the Certificate Authority.
What is the role of an AUTHORIZATION MODEL in granting an external device access?
- Grants a registered user access to specific applications and systems.
- Is placed in the middle of granting the user access to the system.
- Authorization is granted by the user’s assigned roles, organization, or attributes.
What are the caveats to having no AUTHORIZATION MODEL in place?
- Can still grant a user specific access to certain systems, however, without this method does NOT SCALE well when granting access to a large amount of systems or data to a larger amount of users.
Describe the application of ABSTRACTION in the Authorization Model
- Separates the users from the information they need to access.