AAA is a framework that enables a set of three independent security functions:
Authentication
Enables a user to be identified and verified prior to being granted access
Authorisation
Defines the privileges and restrictions to be enforced on an authenticated user
Accounting
Provides the ability to track and log user access, including user identities, start and stop times, and executed commands. It provides a log of events.
For AAA to work, it requires a protocol to carry authentication requests and responses, plus authorisation and accounting logs.
There are many AAA protocols, but the two most popular ones are RADIUS and TACACS+.
RADIUS is Remote Authentication Dial-In User Server
TACACS+ is Terminal Access Controller Access-Control System Plus
AAA is used in the networking industry for the following use cases:
Network Device Access Control
Cisco IOS provides local features for simple device access control, but scaling beyond a handful of devices requires AAA. AAA is the recommended method for access control, and TACACS+ is the protocol of choice for network device access control.
Secure Network Access Control
AAA can be used to obtain the identity of a device or user before it is allowed access to the network. RADIUS is the preferred protocol for remote user access.
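For the Network Device Access Control use case above, here is an added configuration sketch (not from the original post) that sets local-only login beside a TACACS+-backed AAA setup covering all three functions. The server name TAC1, group name TAC-GROUP, the 192.0.2.10 address, the admin account and the bracketed secrets are placeholders assumed for illustration.

```cisco
! --- Before: local device access control only ---------------------
! Every device carries its own user database, and there is no
! central authorisation policy or command log.
username admin privilege 15 secret <LOCAL-SECRET>
line vty 0 4
 login local
 transport input ssh
!
! --- After: AAA with TACACS+ --------------------------------------
! Enable the AAA subsystem.
aaa new-model
!
! Define the TACACS+ server and place it in a server group.
tacacs server TAC1
 address ipv4 192.0.2.10
 key <SHARED-SECRET>
aaa group server tacacs+ TAC-GROUP
 server name TAC1
!
! Authentication: verify the user against TACACS+ first. The local
! database is used only if no TACACS+ server responds.
aaa authentication login default group TAC-GROUP local
!
! Authorisation: ask TACACS+ whether the user may start an EXEC
! session and whether each privilege-15 command is permitted.
aaa authorization exec default group TAC-GROUP local
aaa authorization commands 15 default group TAC-GROUP local
!
! Accounting: record session start and stop, plus every
! privilege-15 command the user executes.
aaa accounting exec default start-stop group TAC-GROUP
aaa accounting commands 15 default start-stop group TAC-GROUP
!
! Keep one local account for use when TACACS+ is unreachable.
username admin privilege 15 secret <LOCAL-SECRET>
!
! Apply the default method list to remote management lines.
line vty 0 4
 login authentication default
 transport input ssh
```

Keep an existing session open while applying the AAA lines and test a new login from a second session, since a mistake in the method list can lock out remote access.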