Elements of AAA framework
Identification - This is who you claim to be. Usually your username.
Authentication - Prove you are who you say you are. Password and authentication factors.
Authorization - Based on your identification and authentication.
Accounting - Resources used: login time, data sent and received, logout time.
Authenticating people: example (see video)
Authenticating systems process
Must manage many devices. Devices you will never physically see.
A system can’t type a password. And you may not want to store one.
To truly authenticate a device you need to put a digitally signed certificate on the device.
Other business processes rely on the certificate. Access to the VPN from authorized devices. Management software can validate the end devices.
Certificate authentication process (see example in video)
An organization has a trusted certificate authority (CA).
The organization creates a certificate for a device and digitally signs the certificate with the organization's CA.
The certificate can now be included on a device as an authentication factor. The CA’s digital signature is used to validate the certificate.
How to authorize with authorization models
The user or device has now authenticated.
Users and services —> data & applications. Associating individual users to access rights does not scale.
Put an authorization model in the middle. Define by roles, organizations, attributes, etc.
No authorization model
A simple relationship. User—> resource.
Some issues with this model. Difficult to understand why an authorization may exist. Does not scale.
Using an authorization model
Add an abstraction. Reduce complexity. Create a clear relationship between the user and the resource.
Administration is streamlined. Easy to understand the authorizations. Support any number of users or resources.
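The two approaches above, side by side, as an added example that is not part of the original notes. It uses roles as the authorization model; the user names, role names and resources are constructed for illustration.

```python
# Added example: role-based authorization model vs. direct user -> resource grants.
# All users, roles and resources below are constructed sample data.

ROLES = {  # role -> resources the role may access
    "helpdesk": {"ticket-system", "password-reset-tool"},
    "netadmin": {"vpn-config", "switch-console", "ticket-system"},
}
USERS = {  # user -> roles the user holds
    "alice": {"helpdesk"},
    "bob": {"helpdesk", "netadmin"},
    "carol": {"netadmin"},
}

def explain(user, resource, users=USERS, roles=ROLES):
    """Return the sorted roles that give `user` access to `resource`.

    An empty list means no access (unknown users are denied by default).
    With the model in the middle, every authorization has a visible reason.
    """
    return sorted(r for r in users.get(user, ()) if resource in roles.get(r, ()))

def is_authorized(user, resource, users=USERS, roles=ROLES):
    return bool(explain(user, resource, users, roles))

def direct_grants(users, roles):
    """Flatten to the 'no authorization model' form: one (user, resource) pair per right."""
    return {(u, res) for u, held in users.items() for r in held for res in roles[r]}

def admin_entries(users, roles):
    """Entries an administrator maintains: (with the model, without it)."""
    memberships = sum(len(held) for held in users.values())
    role_rights = sum(len(res) for res in roles.values())
    return memberships + role_rights, len(direct_grants(users, roles))

def build_users(n_helpdesk, n_netadmin):
    """Constructed population used to show how each approach scales."""
    users = {f"hd{i}": {"helpdesk"} for i in range(n_helpdesk)}
    users.update({f"na{i}": {"netadmin"} for i in range(n_netadmin)})
    return users

if __name__ == "__main__":
    print(explain("bob", "ticket-system"))            # why bob has access
    print(is_authorized("alice", "vpn-config"))       # helpdesk cannot touch the VPN
    print(admin_entries(build_users(50, 10), ROLES))  # model vs. direct grants
```

Giving every helpdesk user a new resource is one change to the role here, while the direct form needs one new grant per user.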