Copyright Goodheart-Willcox Co., Inc.
465 Chapter 15 Network Security

Authentication, Authorization, and Accounting

Authentication, authorization, and accounting (AAA), also known as triple A, is a security standard that consists of three parts: authentication, authorization, and accounting. Authentication is the process of verifying the identity of the user. It incorporates various authentication models typically designed around a username and user password. Authorization is the process of identifying which system resources a user may use. User share permissions are an example of authorization. Accounting is a system that tracks what resources a user accesses and keeps a record of user activity. An example is the Windows security log, shown in Figure 15-16.

2.3 NET

Note: When using the Internet to research authentication, authorization, and accounting (AAA), you may be directed to Cisco and its AAA security model and not to the intent of the AAA identified in the CompTIA Network+ objectives. Cisco provides a security system for router and server access referred to as Cisco IOS AAA and Cisco NX-OS. The IOS is an acronym representing Internetwork Operating System and the NX-OS is an acronym representing NeXt-generation Operating System.

Figure 15-16 Windows 10 security log as accessed through Computer Management. The security log can be used to track user activity. (Goodheart-Willcox Publisher)

Another form of accounting is the activity log used by Internet service providers that host web pages. The ISP uses logs to track total bandwidth and disk space used and to maintain a list of IP addresses that access each web page.

The triple-A security standard is the most common model used for network access today. The dominant client/server security models that support the AAA concept are RADIUS, TACACS+, and Diameter. Each of these security systems provides authentication, authorization, and accounting but in different ways.
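The three parts of AAA described above, as an added example that is not part of the original text: each access attempt is authenticated, then authorized against share permissions, and every step, including failures and denials, is written to an accounting log. The user names, passwords, share names, the PBKDF2 password hashing, and the in-memory list standing in for a security log are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

# Constructed sample data: users, passwords and share names are illustrative.
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}

USERS = {"alice": make_user("correct horse"), "bob": make_user("hunter2!")}
# Authorization data: share -> user -> permitted actions.
SHARE_PERMISSIONS = {
    "payroll": {"alice": {"read", "write"}},
    "public": {"alice": {"read"}, "bob": {"read"}},
}
ACCOUNTING_LOG = []  # hypothetical stand-in for a security log

def account(user, event, resource, outcome):
    """Accounting: record who did what, to which resource, and the result."""
    ACCOUNTING_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user, "event": event, "resource": resource, "outcome": outcome,
    })

def authenticate(user, password) -> bool:
    """Authentication: verify the claimed identity (username and password)."""
    record = USERS.get(user)
    # Hash even for unknown users so both paths do similar work.
    salt = record["salt"] if record else b"\x00" * 16
    candidate = _hash(password, salt)
    ok = record is not None and hmac.compare_digest(candidate, record["hash"])
    account(user, "logon", None, "success" if ok else "failure")
    return ok

def authorize(user, share, action) -> bool:
    """Authorization: check whether this user may use this resource."""
    ok = action in SHARE_PERMISSIONS.get(share, {}).get(user, set())
    account(user, action, share, "granted" if ok else "denied")
    return ok

def access(user, password, share, action) -> bool:
    # Authorization is evaluated only after authentication succeeds.
    return authenticate(user, password) and authorize(user, share, action)
```

Failed logons and denied requests are logged alongside successful ones, since those are the records an administrator reviews when tracking user activity.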
RADIUS

RADIUS is the acronym for Remote Authentication Dial-In User Service and is an IETF standard that describes how to access client/server network systems. RADIUS is the default method of network security used by Microsoft and is incorporated into many of the Microsoft security features, such as Internet Authentication Service (IAS), Network Policy Server (NPS), and remote access service.

RADIUS systems authenticate users on a client/server network. The server is referred to as the Network Access Server (NAS). Today, RADIUS is used for more than just dial-in access to a network. It is also used for wireless access and Internet access to the NAS.

RADIUS provides a centralized location, typically a server, that is used to store user account credentials. Many Internet service providers use RADIUS to store

Note: Internet Authentication Service (IAS) is the Microsoft implementation of RADIUS for Windows Server 2003 and Network Policy Server (NPS) is the Microsoft implementation of RADIUS for Windows Server 2008 and 2016.

2.3, 4.2 NET