5.8 Authentication, Authorization, and Accounting Concepts Flashcards
Examine authentication, authorization, and accounting concepts. (23 cards)
What does the acronym AAA signify in the context of user security?
Authentication, Authorization, and Accounting
AAA encompasses the processes of verifying user identity, determining access rights, and tracking user actions.
Define:
Authentication
The process of verifying the identity of a user or device.
Authentication is the first step in network access control, where a user or device provides credentials (e.g., username and password) to prove their identity.
Why is Authorization important after Authentication?
It determines what actions a verified user is permitted to perform.
After authentication, the system checks the user’s permissions to control their access to specific resources and actions based on their credentials.
How does Authentication differ from Authorization?
Authentication verifies who you are, while authorization determines what you can do.
Authentication confirms the identity of a user, while authorization grants or denies access to specific resources based on their identity and roles.
What does Authentication primarily rely on to verify user identity?
Credentials like a username and password, or multifactor authentication.
Authentication ensures the entity requesting access is who they claim to be by checking their provided credentials against a stored database.
Why is Authorization considered a separate process from Authentication?
Authorization determines what authenticated users can access or do.
While authentication confirms a user’s identity, authorization decides what the user is allowed to access or perform once their identity is confirmed.
List the three main factors in authentication.
- Something you know (password, PIN)
- Something you have (smart card, token)
- Something you are (biometric data)
These three factors provide multiple layers of security, making it more difficult for unauthorized users to gain access.
Which protocols are commonly used for AAA in Cisco devices?
TACACS+ and RADIUS
TACACS+ and RADIUS are both AAA protocols used to manage user authentication, authorization, and accounting.
Which protocol is recommended when using a Cisco-specific AAA server?
TACACS+
TACACS+ is a Cisco proprietary protocol designed for authentication, authorization, and accounting.
What type of authentication system typically incorporates one-time passwords?
Multifactor authentication
Multifactor authentication enhances security by requiring multiple forms of verification, such as a password and a one-time password.
What is the role of RADIUS in AAA?
It handles authentication and authorization.
RADIUS is typically used for remote access authentication and authorization, handling requests for network devices such as routers and switches.
True or False:
Authorization is the first step in the AAA framework.
False
Authentication is the first step, followed by authorization, and then accounting.
Fill in the blank:
The process of recording user actions and behaviors after authentication and authorization is called ______.
accounting
Accounting logs user activities, which are essential for understanding what occurred during a security incident.
What is the role of Accounting in AAA?
It logs user activities for auditing and reporting purposes.
After a user authenticates and is authorized, accounting tracks their usage of network resources, which is useful for security audits and troubleshooting.
What does TACACS+ offer that RADIUS does not?
TACACS+ separates authentication, authorization, and accounting.
TACACS+ provides more granularity and flexibility, allowing for separate handling of each AAA function, which makes it more secure than RADIUS for devices that require more detailed control.
In an 802.1X EAP authentication setup, which device evaluates user credentials for access permission?
Authentication server
The authentication server, often a RADIUS server, is responsible for validating user credentials in this authentication framework.
What does the term “EAP” stand for?
Extensible Authentication Protocol
EAP is used in 802.1X for network access control, where it allows for various authentication methods such as certificates, smart cards, and passwords.
Which AAA protocol is more commonly used in remote access VPNs?
RADIUS
RADIUS is commonly used for remote access authentication in VPNs because it supports a large number of clients and is more lightweight than TACACS+.
True or False:
RADIUS supports authentication and accounting, but not authorization.
False
RADIUS supports authentication, authorization, and accounting, but TACACS+ offers more flexibility and security for each of these functions by separating them.
How does 802.1X authentication work with AAA protocols?
It uses RADIUS or TACACS+ for authentication and authorization.
802.1X relies on AAA protocols to validate user credentials and grant or deny access to the network based on authentication and authorization.
How is Accounting implemented in a network audit?
It logs the details of user activity for review.
Accounting records user actions, such as login and logout times, resource usage, and the amount of data transferred, allowing for auditing and tracking of user behavior.
What's the importance of Accounting in troubleshooting network issues?
It provides logs that help identify and resolve issues.
Accounting logs help network administrators track user actions and pinpoint issues such as unauthorized access or resource misuse, which aids in troubleshooting.
Define:
Role-Based Access Control (RBAC)
A system where access is based on roles within an organization.
RBAC simplifies authorization by grouping users into roles (e.g., admin, user) and assigning permissions to those roles instead of individual users.