AAA of Security
Attended a beginner’s cyber meetup this week. Thought it would be a good topic. The presenters talked about the AAA which is a basic principle of cybersecurity. It is authentication, authorization, and accounting. It’s a control method for when a person’s identity is established with proof and confirmed by the system (authentication), what you can do (authorization) and logs of what they did (accounting).
Authentication — is generally what everyone knows. It is typically a user and password which is single-factor authentication. This is the weaker level of authentication. To increase security, one should set up multi-factor authentication which may include another factor such as knowledge, possession, or location. Some additional factors are.
· Something you know — Passwords and Pins
· Something you are — Biometrics such as fingerprint, facial, iris & retina.
· Something you have — Security tokens such as RSA, Google authenticator or bank card
· Something you are — Location such as GPS
· Something you do — Speaking or signing.
Authorization — is a function of specific rights or access to something for a user. It can be physical or digital. The access control process should start with the least privilege. Additional resources can be granted later on and should be regularly reviewed. Authorization should be revoked or added as people onboard, offboard, or transitioned to another department.
Accounting — Tracks data, computer usage, and/or network resources. It is proof that someone has taken an action which is non-repudiation. They can not deny what they did. Organizations can use systems or applications such as logarithm, Splunk, other SIEM tools as they see fit.
Why should it be used? Benefits?
The security model enables flexibility and dynamic properties for networks. Without it, networks need to be statically configured which is time-consuming, inefficient, and higher chance of failure. The model enables you to dynamically configure the authorization and authentication you want. Systems such as RADIUS, TACACS+, and Kerberos offers ease of configuration and scalability, which standardizes authentication methods.
Note: Not promoting anything. Also if anything is incorrect or unclear. Will fix upon notification.
