Authentication, Authorization, and Accounting - 1.2

Summary

Authentication, Authorization, and Accounting (AAA) are key security processes that involve verifying user identities, determining access permissions, and tracking activities to ensure proper usage and security compliance.


Notes:

Identification

Identification is the process of claiming an identity, usually through a unique identifier such as a username, employee ID, or email address. It serves as the initial step before authentication.

Authentication

Authentication is the process of verifying the claimed identity using credentials such as passwords, PINs, biometrics, or tokens. This step ensures that the user is who they claim to be.

Certificate Authority (CA)

Authentication of a device can also be performed using a digital certificate, which provides an electronic form of identification.

Digital certificates are issued and signed by a Certificate Authority (CA); the CA's signature is what lets other parties check that the certificate is valid and trustworthy.

Authorization

Authorization is the process of determining the level of access and permissions granted to a user, based on their identity and successful authentication.

For example, authorization determines if a user is allowed to access specific files, applications, or systems within an organization.

Authorization Models

Examples of authorization models include:

  • Role-Based Access Control (RBAC): Access is granted based on the user's role within the organization (e.g., manager, employee).
  • Attribute-Based Access Control (ABAC): Access is determined based on various attributes, such as user, resource, environment, and action attributes.
  • Rule-Based Access Control: Access is granted or denied based on pre-configured rules (e.g., time-based access restrictions).

Accounting

Accounting, also known as auditing, involves tracking user activities, recording resource usage, and logging relevant events. This ensures accountability and provides data for security analysis, compliance, and forensic investigations.

Accounting is essential for maintaining logs that can help identify breaches or unauthorized activities, supporting security incident response.
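
The three authorization models and the accounting step described above, shown as one access decision. This is an added example, not part of the original notes. The roles, attributes, business-hours rule, sample users and function names are all assumptions made for illustration, and the user is assumed to be already authenticated. Real systems often use only one model; here all three must agree so that each can be seen failing on its own.

```python
from datetime import datetime, time

# Constructed sample policy and inputs (assumptions, not from the notes).
ROLE_PERMS = {"manager": {"read", "approve"}, "employee": {"read"}}  # RBAC
BUSINESS_HOURS = (time(8, 0), time(18, 0))                           # rule-based
ALICE = {"id": "alice", "role": "manager", "department": "finance"}
BOB = {"id": "bob", "role": "employee", "department": "finance"}
REPORT = {"name": "q3-report", "department": "finance", "confidential": True}
AUDIT_LOG = []  # accounting: every decision is recorded, allow or deny


def rbac_allows(user, action):
    """RBAC: the permission comes from the user's role."""
    return action in ROLE_PERMS.get(user["role"], set())


def abac_allows(user, resource, env):
    """ABAC: compare user, resource and environment attributes."""
    return (user["department"] == resource["department"]
            and (not resource["confidential"] or env["managed_device"]))


def rule_allows(now):
    """Rule-based: a pre-configured time-of-day restriction."""
    start, end = BUSINESS_HOURS
    return start <= now.time() < end


def authorize(user, action, resource, env, now):
    """Deny unless every model agrees, and log the outcome either way."""
    checks = {
        "rbac": rbac_allows(user, action),
        "abac": abac_allows(user, resource, env),
        "rule": rule_allows(now),
    }
    allowed = all(checks.values())
    AUDIT_LOG.append({
        "time": now.isoformat(), "user": user["id"], "action": action,
        "resource": resource["name"], "allowed": allowed,
        "failed": sorted(name for name, ok in checks.items() if not ok),
    })
    return allowed


if __name__ == "__main__":
    print(authorize(BOB, "approve", REPORT, {"managed_device": True},
                    datetime(2024, 5, 6, 10, 0)))
    print(AUDIT_LOG[-1])
```

The "failed" field in each log record is what makes the accounting data useful later: a reviewer can see which control denied a request, not just that it was denied.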