Questions and Answers
What does AAA stand for?
Authentication, Authorization, and Accounting
Authentication only checks a user's identity, while authorization dictates what the user is allowed to do.
True
What is the purpose of Accounting in AAA?
Recording/logging the actions the user took while accessing the network resources.
Local AAA offers a simple solution for _______ networks.
Signup and view all the answers
Study Notes
Authentication, Authorization, and Accounting (AAA)
- AAA stands for Authentication, Authorization, and Accounting, a framework for managing access to network devices
- Verifies a user's identity through authentication, determines access and operations through authorization, and records user activity through accounting
Authentication
- Verifies if a user can access network resources through their given credentials
- Types of authentication:
- Something you know (e.g., passwords, PIN)
- Something you have (e.g., USB key)
- Something you are (e.g., biometrics, fingerprints)
Authorization
- Determines which resources a user is allowed to access and what operations they can perform
- Stored in a database along with the user's identity
- Can be changed by an administrator
- Different from authentication, as it dictates what the user is allowed to do
Accounting
- Records/logging the actions a user took while accessing network resources
- Tracks user identities, login time, data sent/received, services accessed, and IP address
Purpose of AAA
- Limits access to a system
- Records user activity
- Acts as a three-step verification process to control access to network resources and devices
Uses of AAA
- Network access: verifies the identity of a device or user
- Device administration: involves controlling access to sessions, network devices, and secure shell (SSH)
Local AAA
- Simplest implementation of AAA for small working environments
- Credentials are stored directly on the Cisco device
- Not ideal for network security, but useful for small networks
- Downsides: no accounting methods, users cannot select their own passwords, and limited scalability
Server-Based AAA
- Also known as Centralized AAA, uses separate servers to store and centrally manage AAA policies
- Benefits: centralized management, enhanced security, scalability, and granular control
- Drawbacks: complexity of setting up and maintaining a central AAA server, and impact on AAA functionality if the server goes down
AAA Protocols
- RADIUS: Remote Authentication Dial-In User Service, best used for network access
- TACACS+: Terminal Access Controller Access Control System Plus, best used for device administration
- Diameter: Derived from RADIUS, used for service administration in fixed and mobile networks
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
