Welcome to Bucaro TecHelp!

Bucaro TecHelp
Maintain Your Computer and Use it More Effectively
to Design a Web Site and Make Money on the Web

About Bucaro TecHelp About BTH User Agreement User Agreement Privacy Policy Privacy Site Map Site Map Contact Bucaro TecHelp Contact RSS News Feeds News Feeds


Victims of Sandy Hook

Stop the Slaughter of Innocents. Congress is bought and paid for by gun lunatics and gun promotion groups. If you want to live in a safe America, help buy Congress back for America. Send a donation to Mayors Against Illegal Guns, 909 Third Avenue, 15th Floor New York, NY 10022

What is Network AAA (Authentication, Authorization, and Accounting)?

Network AAA is an acronym for three network procedures and processes that help to make a network more secure and reliable. The A's stand for Authentication, Authorization, and Accounting. The difference between Authentication, Authorization, and Accounting is described below.

Authentication asks the question, "Who are you?"

Authentication is the process of identifying an individual, usually based on a username and password. Authentication involves password policies. Below are some examples of password policies:

• Minimum password length. Hackers often use bruit force methods to get access to a network. One bruit-force method is to keep trying different passwords until they hit upon one that works. For this reason, shorter passwords are harder to crack than longer ones.

• Prevent use of easy-to-guess passwords. You would be surprised how many people use passwords like "12345678", "abcdefgh" or common phrases like "hacker" or "superuser". These common passwords are the first thing a hacker tries in their bruit-force password cracking methods. For this reason, most systems require a password to meet a minimum level of complexity, like requiring them to contain upper- and lower-case letters and numbers.

• Password expiration. Eventually a hacker using bruit-force methods will gain access. However, if the target password keep changing, the hacker is going after a moving-target. This makes it much more difficult. Also, many times a hacker gains access but keeps such a low profile in the system that no-one knows hes there. Frequently changing the password takes his access away. many systems have a set expiration period that requires users to create new passwords.

• Prevent reuse of password. Thinking of unique passwords is difficult, so many people recycle their passwords. This helps keep the hacker's bruit-force method remain effective, and if changing the password has taken his access away, returning to the past one that he has cracked returns access to the hacker. Many systems store a password history and prevent a user from reusing a previous password.

Authorization asks the question, "What resources are you allowed to access?"

After the user has been authenticated through the username and password, authorization is the process of granting or denying a user access to specific network resources. Authorization to access specific network resources is usually controlled by group policy. For example users in the sales group are not allowed to access sensitive company financial information and user in the finance group not allowed to access proprietary engineering design information.

Accounting asks the question, "What did you do while you had access?"

Accounting is the process of keeping track of a user's activity while accessing network resources. Accounting involves logging which data files and which applications and services were accessed. How much time was spent accessing each resource and how much data was transferred during that time.

In addition to being used to detect hackers, auditing these logs is used for identifying network bottlenecks, capacity planning, trend analysis, and cost allocation.

Sometimes the words authentication, authorization, and accounting are used interchangeably, but they are actually different functions. Together they help to make a network more secure and reliable.

More Network Security Articles:
• ARP, MAC, Poisoning, and WiFi Security
• How to Use the Open Source Intrusion Detection System SNORT
• Domain Name System (DNS) Vulnerabilities
• How to Tell if Someone is Lurking on Your Wireless Network
• Designing Physical Network Security
• What is a Password Hash and Salt?
• Network Security by Filtering
• Design a Network Security Policy
• The Use of HoneyPots and HoneyNets to Trick Hackers
• Digital Signatures and Certificates

RSS Feed RSS Feed


Follow Stephen Bucaro Follow @Stephen Bucaro


Computer Networking Sections

Fire HD
[Site User Agreement] [Privacy Policy] [Site map] [Search This Site] [Contact Form]
Copyright©2001-2017 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268