Module 3: The 3 A's of Cyber-security: Authentication, Authorization, Accounting Flashcards

1
Q

What is Authentication, Authorization, and Accounting (AAA)?

A

Explanation:
Authentication verifies a user’s identity (e.g., logging in with a username and password).
Authorization determines what resources or actions the authenticated user is allowed to access or perform.
Accounting (or auditing) tracks and records user activity and resource usage.

Simplified Breakdown:
Authentication = “Who are you?”
Authorization = “What can you do?”
Accounting = “What did you do?”

Relevant Examples:
Authentication: Entering your credentials to log into your email.
Authorization: A company network that only allows IT staff to access the server room.
Accounting: Logging system events such as file access or command history on a server.

Key Points:
AAA Framework: Central to managing secure access in IT.
Authentication vs. Authorization: Verify identity first, then decide access rights.
Audit Trails: Accounting helps detect unusual activity or breaches.

2
Q

What is Multi-Factor Authentication (MFA)?

A

Explanation:
MFA adds extra layers of security by requiring more than one method of authentication from independent categories of credentials.

Simplified Breakdown:
Think of MFA like having two or more keys to open a safe.

It combines:
Something you know: Password/PIN
Something you have: Security token, bank card, or U2F key
Something you are: Biometrics (fingerprint, facial recognition)

Relevant Examples:
Logging into a bank account using both a password and a one-time code sent to your phone.
Using a fingerprint scanner along with a password to unlock your smartphone.

Key Points:
Enhances Security: Even if one factor is compromised, others still protect your access.
Diverse Factors: Combines knowledge, possession, and inherent traits.
Common in Sensitive Environments: Widely used in banking, corporate networks, and mobile devices.

3
Q

What is OAuth (Open Authorization)?

A

Explanation:
OAuth is a protocol that allows a user to grant a third-party application limited access to their resources without sharing their credentials.

Simplified Breakdown:
OAuth is like giving someone a temporary key to a specific room rather than your house key.
It enables access delegation: one service can access your data held by another service without ever seeing your password.

Relevant Examples:
“Sign in with Google” or “Sign in with Facebook” on various websites.
A third-party scheduling app accessing your Google Calendar without needing your password.

Key Points:
Access Delegation: Allows third-party apps to use your data without compromising your password.
Token-Based: Uses access tokens that can be revoked or limited in scope.
Widely Adopted: Common in modern web and mobile applications for federated login.

4
Q

What is Kerberos?

A

Explanation:
Kerberos is a network authentication protocol that uses tickets to allow nodes communicating over a non-secure network to prove their identity in a secure manner.

Simplified Breakdown:
Think of Kerberos as a secure ticketing system: after logging in you receive a ticket-granting ticket (TGT), and you then use that ticket to obtain service tickets and access services without re-entering your password.

Relevant Examples:
Active Directory: Windows environments use Kerberos for secure, single sign-on authentication.
Enterprise Networks: Users authenticate once and then access multiple network resources without repeated logins.

Key Points:
Ticket-Based System: Issues ticket-granting tickets and service tickets.
Mutual Authentication: Both client and server verify each other’s identity.
Time-Sensitive: Requires synchronized clocks to prevent replay attacks.

5
Q

What is Terminal Access Controller Access-Control System Plus (TACACS+)?

A

Explanation:
TACACS+ is a protocol that provides centralized authentication, authorization, and accounting (AAA) for network device management.

Simplified Breakdown:
TACACS+ acts as a gatekeeper for network devices, ensuring only authorized users can administer routers, switches, and firewalls.

Relevant Examples:
Device Administration: Used in enterprise and military networks to control who can configure network equipment.
Audit Trails: Tracks which commands were executed by administrators on network devices.

Key Points:
Centralized Management: Facilitates centralized device management and logging.
Separation of AAA Functions: Distinct handling of authentication, authorization, and accounting.
Security for Network Devices: Critical for environments requiring strict control over network infrastructure.

6
Q

What are Certificates and Certificate Authority (CA) Infrastructure?

A

Explanation:
Digital certificates are electronic credentials used to verify identities and secure communications. A Certificate Authority (CA) is responsible for issuing and signing these certificates.

Simplified Breakdown:
A digital certificate is like an online ID card, and the CA is the trusted organization that issues these IDs.

Relevant Examples:
SSL/TLS Certificates: Used by websites to enable secure HTTPS connections.
Client Certificates: Used in secure email systems or VPNs to verify a user’s identity.

Key Points:
Authentication Tool: Certificates help verify the identity of users, devices, or websites.
CA Infrastructure: Needed to issue and manage these certificates.
Trust and Security: Ensures secure communication channels and data integrity.

7
Q

What is a Certificate Revocation List (CRL)?

A

Explanation:
A CRL is a list of digital certificates that have been revoked by a Certificate Authority before their scheduled expiration date, ensuring that compromised or invalid certificates are no longer trusted.

Simplified Breakdown:
Imagine a list of canceled IDs. If a certificate is revoked, it is added to the CRL to prevent its use.

Relevant Examples:
Revoked SSL Certificates: If a website’s certificate is compromised, it is added to a CRL to prevent users from trusting it.
Client Certificates: Organizations check CRLs to verify that client certificates have not been revoked.

Key Points:
Revocation Mechanism: Helps maintain trust in a public key infrastructure (PKI).
Regular Updates: CRLs are updated periodically to reflect newly revoked certificates.
Security Assurance: Prevents compromised certificates from being used maliciously.

8
Q

What are Access Control and Access Control Lists (ACLs)?

A

Explanation:
Access control regulates who can access or manipulate resources. An Access Control List (ACL) is a detailed list that defines the permissions for users or groups over a resource.

Simplified Breakdown:
Access control is like a security system that determines who can enter which room, while an ACL is the list on the door that specifies who has access and what actions they can perform.

Relevant Examples:
File Permissions: An ACL on a file might specify that one user can read it while another can modify it.
Network Devices: Routers and firewalls use ACLs to permit or block traffic from specific IP addresses.

Key Points:
Defines Permissions: Specifies what actions users or groups can take on resources.
Used in Various Systems: File systems, network devices, and applications often implement ACLs.
Enhances Security: Helps prevent unauthorized access and maintain data integrity.

9
Q

What is Tracking Usage and Access (Accounting)?

A

Explanation:
Tracking usage and access involves monitoring and logging user actions and system interactions to ensure security, compliance, and the ability to audit activities.

Simplified Breakdown:
It’s like keeping a detailed logbook of who used which resource and when, helping to detect unauthorized or unusual behavior.

Relevant Examples:
File Access Logs: Tracking who opened or modified a confidential file.
Network Traffic Logs: Monitoring network traffic to detect unusual access patterns or potential breaches.
System Audits: Reviewing logs to ensure compliance with internal security policies.

Key Points:
Audit Trail: Provides records for forensic analysis and compliance audits.
Security Monitoring: Helps detect and respond to suspicious activity.
Data Accountability: Ensures that user actions are traceable and verifiable.
