The scalability and reliability limitations of locally stored authentication
can only be overcome by using some form of centralized authentication server.
Network operating systems (OSs) typically have this feature at their core. In
addition to granting access to the network, such a system is usually linked to
a mechanism that matches login IDs with permissions to use protected resources.
While all authenticated users might have permission to use any of the network
printers, only members of the "accounting" group might be granted permission to
access the Accounting Department servers, and perhaps only those accounting
group members who are also part of the "payroll" group might be granted access
to the payroll software and data.
If a payroll accountant leaves the company under any
circumstances, it’s only necessary to delete their user account, which also
removes them from the accounting and payroll groups, maintaining security for
those assets.
AAA is a technology that can work independently or together with the network
security system to provide centralized authentication, authorization, and
accounting for network devices and remote user access. Figure 3-3 shows a
simple example of AAA and a NAS (network access server) providing secure access
to a company network. With only authentication in place, the remote user could
have access to both the server (possibly a web server) and the company network.
With authorization implemented, it would be possible to allow the modem user
access to both while limiting the ISDN user to one or the other.