Who manages authentication, authorization and accounting within a computer network?

An AAA server is a server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization, and accounting (AAA) services.

Authentication is the process of identifying an individual, usually based on a username and password. Authentication is based on the idea that each individual user will have unique information that sets him or her apart from other users.

Authorization is the process of granting or denying a user access to network resources once the user has been authenticated through the username and password. The amount of information and the amount of services the user has access to depend on the user's authorization level.

Accounting is the process of keeping track of a user's activity while accessing the network resources, including the amount of time spent in the network, the services accessed while there and the amount of data transferred during the session. Accounting data is used for trend analysis, capacity planning, billing, auditing and cost allocation.

Products and Solutions

Although the administrator can use a console to access a router or other device, doing so is impractical if he is located far from the equipment. He will therefore eventually need remote access to that device.

However, since remote devices can be accessed using an IP address, we must implement authentication as a security mechanism because it is possible for an unauthorized user to gain access using the same IP address. Additionally, the packets transmitted between the devices should be encrypted to prevent unauthorized access to that sensitive data. Therefore, a framework known as AAA is used to add that extra layer of security.

AAA (Authentication, Authorization and Accounting)

AAA is a standards-based framework used to manage who is allowed to access network resources (via authentication), what they are allowed to do (via authorization), and to record the actions taken while doing so (via accounting). In other words, AAA is a structural framework used to control access to computer resources, enforce policies, conduct audits, provide vital data for service billing, and perform other network administration and security tasks.

  • The primary purpose of this operation is to grant specific, authorized users access to network and software application resources.
  • The AAA idea is widely used in regard to the network protocol RADIUS.
  • Authentication, authorization, and accounting (AAA) is a technique for monitoring and controlling user access to network resources on an IP-based network. Frequently, AAA is configured as a dedicated server.
  • Authorization is the process of granting or denying specific users access to a computer network and its resources. Users can be given several authorization levels, restricting their access to the network and its resources. Accounting is the monitoring and documenting of user activities on a computer network.

Authentication -

It is a method of determining if a user who wants to access network resources is legitimate or not, and it is done by requesting certain credentials, such as a username and password. Authentication can be enabled on console ports, AUX ports, or vty lines, among other places.

If someone wants to enter the network, we, as network administrators, can manage how a user is authenticated. These techniques include utilising the router's internal database or submitting authentication requests to a remote server, such as the ACS server. A default or custom authentication method list is used to specify the authentication method to be utilised.

Authorization -

After the user has obtained access to the network resources through authentication, authorization offers the ability to enforce policies on those resources. When authentication is successful, authorization can be used to identify which resources and processes the user is permitted to access.

For instance, if a junior network engineer needs access to the device but shouldn't have access to all the resources, the administrator can construct a view that only allows him to perform certain commands. The administrator can designate how a user is authorized to access network resources using the authorization method list, such as through a local database or an ACS server.

Accounting -

It offers tracking and recording of user actions as they use network resources. Even the length of the user's network access is tracked. The administrator can construct an accounting method list to designate what should be accounted for and who should receive the accounting records.

Implementation of AAA

AAA can be implemented using either the device's local database or an external ACS server.

1. ACS Server - This approach is frequently employed. For AAA, an external ACS server (which could be an ACS device or software running on VMware) is utilised, and both the router and the ACS need to be configured. A user is created as part of the configuration, along with a unique customised method list for authentication, authorization, and accounting.

According to the credentials given by the user, the ACS server decides whether to provide the user access to the network resource or not after receiving authentication requests from the client or Network Access Server (NAS).

Note: The administrator must include the device's local database as a backup in the method list when implementing AAA, in case the ACS server cannot authenticate.

2. Local Database - To deploy AAA using the local running configuration of the router or switch, we must first create users for authentication and grant them privilege levels for authorization.
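Added example (not from the original page): a small Python model of the method list described above, with the ACS server tried first and the local database as backup, followed by a privilege-level authorization check and accounting records. It assumes the usual method-list behaviour, in which the next method is tried only when the previous one gives no answer, not when it rejects the credentials; all user names, passwords and privilege levels are constructed.

```python
import hashlib
import hmac

class ServerUnreachable(Exception):
    """A method could not answer at all (for example, the ACS server timed out)."""

def pw_hash(password):
    # Fixed salt only because this is a constructed demo; use a per-user salt in practice.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 100_000)

# Constructed sample users: name -> (password hash, privilege level).
ACS_USERS = {"junior": (pw_hash("junior-pass"), 1), "senior": (pw_hash("senior-pass"), 15)}
LOCAL_USERS = {"backup-admin": (pw_hash("local-secret"), 15)}

def check(db, user, password):
    """Return the privilege level on success, None when the credentials are rejected."""
    entry = db.get(user)
    supplied = pw_hash(password)  # hash even for unknown users
    if entry and hmac.compare_digest(entry[0], supplied):
        return entry[1]
    return None

def acs_method(user, password, acs_up):
    if not acs_up:
        raise ServerUnreachable("no response from ACS")
    return check(ACS_USERS, user, password)

def local_method(user, password, acs_up):
    return check(LOCAL_USERS, user, password)

METHOD_LIST = [("acs", acs_method), ("local", local_method)]  # ACS first, local as backup
ACCOUNTING_LOG = []  # accounting records, in order

def login(user, password, acs_up=True):
    """Authentication: a reject is final; only an unreachable method falls through."""
    for name, method in METHOD_LIST:
        try:
            level = method(user, password, acs_up)
        except ServerUnreachable:
            continue
        ACCOUNTING_LOG.append({"event": "login", "user": user, "method": name,
                               "ok": level is not None})
        return level
    return None

def run_command(user, level, command, required_level):
    """Authorization by privilege level, with an accounting record per attempt."""
    allowed = level is not None and level >= required_level
    ACCOUNTING_LOG.append({"event": "command", "user": user, "command": command,
                           "ok": allowed})
    return allowed
```

The local account works only while the ACS server is unreachable; when the server is up and rejects a login, the list stops there, so the backup database does not become a second way in.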

Advantages of AAA framework:

The AAA framework enhances the scalability of a network. Scalability is the ability of a system to handle an increasing amount of work by adding resources to the system. Some of the main advantages of the AAA framework are listed below:

  • It enables the network to be more controllable and adaptable.
  • It helps the network to standardize its protocol usage.
  • Each user is given their own set of credentials using RADIUS.
  • There will be a single point of contact for the users and system authentication for IT administrators.

Disadvantages of AAA framework:

Some of the main disadvantages of the AAA framework are listed below:

  • RADIUS server configuration, particularly the initial configuration, can be challenging and time-consuming.
  • It can be challenging to select the best RADIUS server software and deployment strategy for your company.
  • On-site hardware upkeep can be difficult and time-consuming.

What is authentication and authorization in networking?

Authentication and authorization are two vital information security processes that administrators use to protect systems and information. Authentication verifies the identity of a user or service, and authorization determines their access rights.

How do authentication, authorization and accounting work together?

AAA (Authentication, Authorization, Accounting) – AAA is a standard-based framework used to control who is permitted to use network resources (through authentication), what they are authorized to do (through authorization), and capture the actions performed while accessing the network (through accounting).

What is authentication and authorization process?

Simply put, authentication is the process of verifying who someone is, whereas authorization is the process of verifying what specific applications, files, and data a user has access to.

What is the role of AAA (authentication, authorization and accounting) functions in networks?

AAA stands for authentication, authorization, and accounting. AAA is a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services.