Cisco AAA Security Technology Review
Remote dial-up connections to the corporate network are made
up of several dial-in technologies, including modem and ISDN connections, as
well as virtual connections via the Internet. Access control is the process of
controlling who can access the network and what resources they’re allowed to
use. Cisco’s Authentication, Authorization, and Accounting (AAA) network
security services configured on a router or network server implement this access
control.
The three security components of AAA are designed to let you
define and configure the type of authentication, authorization, and accounting
in a detailed and consistent manner through the use of method lists, and then
apply those method lists to specific services or interfaces according to your
security plan. Method lists define a sequence of implementation processes that
allow backup methods in case the initial method fails.
Authentication is the process of identifying users through user
name and password verification methods that allow only approved individuals to
access the network.
Authorization is the process of matching authenticated users with
the permissions or privileges to use network resources.
Accounting is the process of tracking or logging the different
types of resources or services the remote users are accessing. This data can
then be analyzed for auditing, troubleshooting, network management, network
planning, and client billing. The AAA databases can be remotely stored on one or more
TACACS+ or RADIUS servers. Authentication and authorization databases can be
stored locally on the access server.
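The method lists described above, with a backup method behind the server group and separate lists for authentication, authorization, and accounting, look like this on a Cisco IOS access server. This is an added example, not configuration from the review; the server names, list names, RFC 5737 addresses, the Dialer1 interface, and the angle-bracket placeholders are assumed values.

```cisco
! Added example, not taken from the review: Cisco IOS AAA method lists
! with server-group fallback. Names, addresses and placeholders are assumed.
aaa new-model
! TACACS+ servers for administrative access (RFC 5737 documentation
! addresses); RADIUS server for dial-in users. Replace the <...> placeholders.
tacacs server TAC-PRIMARY
 address ipv4 192.0.2.10
 key <TACACS-SHARED-SECRET>
tacacs server TAC-BACKUP
 address ipv4 192.0.2.11
 key <TACACS-SHARED-SECRET>
aaa group server tacacs+ ADMIN-TACACS
 server name TAC-PRIMARY
 server name TAC-BACKUP
radius server RAD-DIALIN
 address ipv4 192.0.2.20 auth-port 1812 acct-port 1813
 key <RADIUS-SHARED-SECRET>
aaa group server radius DIALIN-RADIUS
 server name RAD-DIALIN
!
! Local account consulted only when the whole TACACS+ group is unreachable;
! an explicit reject from a reachable server is final and does not fall through.
username admin-local privilege 15 secret <LOCAL-PASSWORD>
! Authentication: admins via TACACS+ then local; dial-in PPP via RADIUS only.
aaa authentication login ADMIN-LOGIN group ADMIN-TACACS local
aaa authentication ppp DIALIN-PPP group DIALIN-RADIUS
! Authorization: EXEC shell and level-15 commands for admins; network
! service parameters (PPP, addressing) for dial-in users.
aaa authorization exec ADMIN-EXEC group ADMIN-TACACS local
aaa authorization commands 15 ADMIN-CMDS group ADMIN-TACACS local
aaa authorization network DIALIN-NET group DIALIN-RADIUS
! Accounting: start-stop records give the servers an audit trail of
! who logged in, which commands they ran, and how long each session lasted.
aaa accounting exec ADMIN-ACCT start-stop group ADMIN-TACACS
aaa accounting commands 15 ADMIN-CMDS-ACCT start-stop group ADMIN-TACACS
aaa accounting network DIALIN-ACCT start-stop group DIALIN-RADIUS
!
! Apply the named lists to the management lines and the dial-in interface.
line vty 0 4
 login authentication ADMIN-LOGIN
 authorization exec ADMIN-EXEC
 authorization commands 15 ADMIN-CMDS
 accounting exec ADMIN-ACCT
 accounting commands 15 ADMIN-CMDS-ACCT
interface Dialer1
 encapsulation ppp
 ppp authentication chap DIALIN-PPP
 ppp authorization DIALIN-NET
 ppp accounting DIALIN-ACCT
```

The ordering in each list is the fallback sequence: `local` is reached only when every server in the named group fails to respond, so a user rejected by a reachable TACACS+ server is not re-checked against the local database.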
AAA benefits include
- Scalability
- Flexibility and granularity
- Multiple implementation methods, which provide redundancy
- Support of standard authentication methods, such as RADIUS, TACACS+, and Kerberos