Computer Network AAA (Authentication, Authorization and Accounting)
Although an administrator can use the console to access a router or other device, doing so is impractical when the administrator is located far from the equipment. Sooner or later, remote access to the device is needed.
However, because a remote device is reached through its IP address, an unauthorized user could gain access using that same IP address, so authentication must be implemented as a security mechanism. Additionally, the packets transmitted between the devices should be encrypted to prevent unauthorized access to that sensitive data. A framework known as AAA is used to add that extra layer of security.
AAA (Authentication, Authorization and Accounting)
AAA is a standards-based framework used to manage who is allowed to access network resources (authentication), what they are allowed to do (authorization), and to record the actions taken while doing so (accounting). In other words, AAA is a structural framework used to control access to computer resources, enforce policies, conduct audits, provide vital data for service billing, and perform other network administration and security tasks.
Authentication is a method of determining whether a user who wants to access network resources is legitimate. It is done by requesting certain credentials, such as a username and password. Authentication can be enabled on console ports, AUX ports, or vty lines, among other places.
As network administrators, we can control how a user who wants to enter the network is authenticated. The options include using the router's internal database or sending authentication requests to a remote server, such as the ACS server. A default or custom authentication method list specifies which authentication method is used.
Authorization offers the ability to enforce policies on network resources after the user has obtained access to them through authentication. When authentication is successful, authorization can be used to identify which resources and processes the user is permitted to access.
For instance, if a junior network engineer needs access to the device but shouldn't have access to all of its resources, the administrator can construct a view that allows him to perform only certain commands. Using the authorization method list, the administrator can designate how a user is authorized to access network resources, such as through a local database or an ACS server.
Accounting offers tracking and recording of user actions as they use network resources. Even the length of the user's network access is tracked. The administrator can construct an accounting method list to designate what should be accounted for and who should receive the accounting records.
Implementation of AAA
AAA can be implemented using either the device's local database or an external ACS server.
1. ACS Server - This approach is frequently employed. For AAA, an external ACS server (which could be an ACS device or software running on VMware) is utilised, and both the router and the ACS need to be configured. A user is created as part of the configuration, along with a unique customised method list for authentication, authorization, and accounting.
After receiving an authentication request from the client or Network Access Server (NAS), the ACS server decides, according to the credentials given by the user, whether to provide the user access to the network resource or not.
Note: When implementing AAA, the administrator must include the device's local database as a backup in the method list in case the ACS server cannot authenticate.
2. Local Database - To deploy AAA using the local running configuration of the router or switch, we must first create users for authentication and grant them privilege levels for authorization.
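The two options above combined in one Cisco IOS configuration, with the ACS server first and the local database as backup. This is an added example, not configuration from the original page. It assumes the router talks to the ACS over TACACS+ (the page does not name a protocol); the server name, address, user names and secrets are placeholders.

```cisco
! Added example. ACS1, 192.0.2.10, the user names and the <...> secrets
! are placeholders, and TACACS+ as the ACS protocol is an assumption.
aaa new-model
!
! Local database: backup users with privilege levels for authorization.
username admin privilege 15 secret <ADMIN-SECRET>
username junior privilege 5 secret <JUNIOR-SECRET>
!
! External ACS server, reached over TACACS+.
tacacs server ACS1
 address ipv4 192.0.2.10
 key <SHARED-KEY>
!
! Authentication: default method list, ACS first, local database second.
! IOS moves on to "local" only when the server does not respond; an
! explicit reject from the ACS ends the attempt and is not retried locally.
aaa authentication login default group tacacs+ local
!
! Custom (named) method list: the console uses the local database only.
aaa authentication login CONSOLE local
!
! Authorization: what an authenticated user may do, same fallback order.
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
!
! Accounting: record sessions and privileged commands on the ACS.
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
line con 0
 login authentication CONSOLE
line vty 0 4
 login authentication default
 transport input ssh
```

Because the local users are consulted whenever the ACS is unreachable, their secrets need the same strength and rotation as the accounts held on the server.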
Advantages of AAA framework:
The AAA framework enhances the scalability of a network. Scalability is the ability of a system to handle an increasing amount of work by adding resources to the system. Some of the main advantages of the AAA framework are listed below:
Disadvantages of AAA framework:
Some of the main disadvantages of the AAA framework are listed below: