What is Network AAA (Authentication, Authorization, and Accounting)?
By Stephen Bucaro
Network AAA is an acronym for three network procedures and processes that help to make a network
more secure and reliable. The A's stand for Authentication, Authorization, and Accounting. The
difference between Authentication, Authorization, and Accounting is described below.
Authentication asks the question, "Who are you?"
Authentication is the process of identifying an individual, usually based on a username and password.
Authentication involves password policies. Below are some examples of password policies:
• Minimum password length. Hackers often use brute-force methods to get access to a network.
One brute-force method is to keep trying different passwords until they hit upon one that works. For
this reason, longer passwords are harder to crack than shorter ones.
• Prevent use of easy-to-guess passwords. You would be surprised how many people use passwords
like "12345678", "abcdefgh" or common words like "hacker" or "superuser". These common passwords
are the first thing a hacker tries in a brute-force password cracking attempt. For this reason,
most systems require a password to meet a minimum level of complexity, such as requiring it to contain
upper- and lower-case letters and numbers.
• Password expiration. Eventually a hacker using brute-force methods will gain access. However,
if the target password keeps changing, the hacker is going after a moving target, which makes the
attack much more difficult. Also, many times a hacker gains access but keeps such a low profile in the
system that no one knows he's there. Frequently changing the password takes his access away.
Many systems have a set expiration period that requires users to create new passwords.
• Prevent reuse of passwords. Thinking of unique passwords is difficult, so many people recycle
their passwords. This helps the hacker's brute-force method remain effective, and if changing
the password has taken his access away, a return to a past password that he has already cracked gives
access back to the hacker. Many systems store a password history and prevent a user from reusing a previous password.
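The following is an added example, not code from the article, showing how the four policies above can be enforced together: a salted hash history so previous passwords are never stored in clear text, a constant-time reuse check, and an expiration test. The threshold values (MIN_LENGTH, MAX_AGE, HISTORY_DEPTH) are illustrative assumptions; the common-password list uses the article's own examples.

```python
import hashlib
import hmac
import os
import re
from datetime import datetime, timedelta

# Policy values are illustrative choices for this example, not taken from the article.
MIN_LENGTH = 12
MAX_AGE = timedelta(days=90)      # password expiration period
HISTORY_DEPTH = 5                 # how many previous passwords may not be reused
COMMON_PASSWORDS = {"12345678", "abcdefgh", "hacker", "superuser"}  # the article's examples


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 so the history never stores plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class PasswordHistory:
    def __init__(self, depth: int = HISTORY_DEPTH):
        self.depth = depth
        self.entries: list[tuple[bytes, bytes, datetime]] = []  # (salt, hash, set_at)

    def matches_previous(self, candidate: str) -> bool:
        # Re-derive the candidate with each stored salt and compare in constant time.
        return any(hmac.compare_digest(hash_password(candidate, salt), digest)
                   for salt, digest, _ in self.entries)

    def record(self, password: str, now: datetime) -> None:
        salt = os.urandom(16)
        self.entries.append((salt, hash_password(password, salt), now))
        self.entries = self.entries[-self.depth:]  # keep only the last `depth` entries

    def is_expired(self, now: datetime) -> bool:
        # No password on record counts as expired so the user is forced to set one.
        return not self.entries or now - self.entries[-1][2] > MAX_AGE


def check_new_password(candidate: str, history: PasswordHistory) -> list[str]:
    """Return the policy rules a candidate violates; an empty list means it is accepted."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too_short")
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("common")
    if not (re.search(r"[a-z]", candidate) and re.search(r"[A-Z]", candidate)
            and re.search(r"[0-9]", candidate)):
        problems.append("complexity")
    if history.matches_previous(candidate):
        problems.append("reused")
    return problems
```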
Authorization asks the question, "What resources are you allowed to access?"
After the user has been authenticated through the username and password, authorization is the
process of granting or denying that user access to specific network resources. Authorization to
access specific network resources is usually controlled by group policy. For example, users
in the sales group are not allowed to access sensitive company financial information, and users
in the finance group are not allowed to access proprietary engineering design information.
Accounting asks the question, "What did you do while you had access?"
Accounting is the process of keeping track of a user's activity while accessing network resources.
Accounting involves logging which data files, applications, and services were accessed, how much time
was spent accessing each resource, and how much data was transferred during that time.
In addition to being used to detect hackers, auditing these logs is used for identifying network
bottlenecks, capacity planning, trend analysis, and cost allocation.
Sometimes the words authentication, authorization, and accounting are used interchangeably, but
they are actually different functions. Together they help to make a network more secure and reliable.