Welcome to Bucaro TecHelp!

What is Network AAA (Authentication, Authorization, and Accounting)?

Network AAA is an acronym for three network procedures and processes that help to make a network more secure and reliable. The A's stand for Authentication, Authorization, and Accounting. The difference between Authentication, Authorization, and Accounting is described below.

Authentication asks the question, "Who are you?"

Authentication is the process of identifying an individual, usually based on a username and password. Authentication involves password policies. Below are some examples of password policies:

• Minimum password length. Hackers often use brute-force methods to get access to a network. One brute-force method is to keep trying different passwords until they hit upon one that works. For this reason, shorter passwords are easier to crack than longer ones.

• Prevent use of easy-to-guess passwords. You would be surprised how many people use passwords like "12345678", "abcdefgh" or common phrases like "hacker" or "superuser". These common passwords are the first thing a hacker tries in their brute-force password cracking methods. For this reason, most systems require a password to meet a minimum level of complexity, like requiring it to contain upper- and lower-case letters and numbers.

• Password expiration. Eventually a hacker using brute-force methods will gain access. However, if the target password keeps changing, the hacker is going after a moving target. This makes it much more difficult. Also, many times a hacker gains access but keeps such a low profile in the system that no one knows he's there. Frequently changing the password takes his access away. Many systems have a set expiration period that requires users to create new passwords.

• Prevent reuse of passwords. Thinking of unique passwords is difficult, so many people recycle their passwords. This helps the hacker's brute-force method remain effective, and if changing the password has taken his access away, returning to a past password that he has already cracked gives that access back. Many systems store a password history and prevent a user from reusing a previous password.
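The four policies above, enforced together in one checker. This is an added example, not code from the original page; the thresholds (12 characters, 90 days, 5 remembered passwords) and all function names are assumptions chosen for illustration, and the history is kept as salted hashes so old passwords are never stored in plaintext.

```python
import hashlib, hmac, os, re
from datetime import datetime, timedelta

# All thresholds and names below are assumptions chosen for illustration.
MIN_LENGTH = 12
MAX_AGE = timedelta(days=90)
HISTORY_DEPTH = 5
COMMON = {"12345678", "abcdefgh", "hacker", "superuser"}  # examples from the article

def hash_password(password, salt=None):
    """Return (salt, digest); the history stores these, never the plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

def in_history(password, history):
    """True if password matches any of the last HISTORY_DEPTH stored hashes."""
    for salt, digest in history[-HISTORY_DEPTH:]:
        # Re-hash with the stored salt and compare in constant time.
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            return True
    return False

def check_new_password(password, history):
    """Return a list of policy violations (an empty list means accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if password.lower() in COMMON:
        problems.append("common password")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)
            and re.search(r"\d", password)):
        problems.append("needs upper case, lower case and a digit")
    if in_history(password, history):
        problems.append("reused password")
    return problems

def is_expired(last_changed, now):
    """True once the password is older than MAX_AGE."""
    return now - last_changed > MAX_AGE

if __name__ == "__main__":
    history = [hash_password("Spring-Rain-2017x")]  # constructed sample
    print(check_new_password("hacker", history))
    print(check_new_password("Spring-Rain-2017x", history))
    print(check_new_password("Winter-Snow-2018y", history))
    print(is_expired(datetime(2018, 1, 1), datetime(2018, 6, 1)))
```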

Authorization asks the question, "What resources are you allowed to access?"

After the user has been authenticated through the username and password, authorization is the process of granting or denying a user access to specific network resources. Authorization to access specific network resources is usually controlled by group policy. For example, users in the sales group are not allowed to access sensitive company financial information, and users in the finance group are not allowed to access proprietary engineering design information.

Accounting asks the question, "What did you do while you had access?"

Accounting is the process of keeping track of a user's activity while accessing network resources. Accounting involves logging which data files, applications, and services were accessed, how much time was spent accessing each resource, and how much data was transferred during that time.

In addition to being used to detect hackers, auditing these logs is used for identifying network bottlenecks, capacity planning, trend analysis, and cost allocation.

Sometimes the words authentication, authorization, and accounting are used interchangeably, but they are actually different functions. Together they help to make a network more secure and reliable.

Copyright©2001-2018 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268