A PowerPoint Presentation on

AAA Network Security Services

Presented By:

Sandeep Kumar
Amity Institute of Information Technology, AMITY University, Lucknow

INTRODUCTION
AAA

commonly stands for authentication, authorization and accounting. AAA is an architectural framework. to control what computer resources users have access to and to keep track of the activity of users over a network.

AUTHENTICATION
Definition

: Something that is not false or a fake

imitation
Provides The

the method of identifying users

access server will prompt the user for a name and password. access server authenticates the users identity by requiring the username and password. process of verification to gain access is called authentication Use Password, Special Token card, Caller-ID, etc.

The

This

AUTHORIZATION
Authorization

asks the question, "What privileges does this user have?" Check that the user may access the services he/she wishes. The server uses a process called authorization to determine which commands and resources should be made available to that particular user.

ACCOUNTING
Accounting

asks the questions, "What did this user do and when was it done?" The process of keeping track of a user's activity The number of login attempts, the specific commands entered, and other system events can be logged and time-stamped by the accounting process.

AAA ACCESS SECURITY

Authorization Authentication
Who are you? which resources the user is allowed to access and which operations the user is allowed to perform?

Accounting
What did you spend it on?

BENEFITS OF AAA
1.

AAA provides scalability.

Typical AAA configurations rely on a server or group of servers to store usernames and passwords. This means that local databases do not have to be built and updated on every router and access server in the network. Instead, the routers in the network become clients of these security servers. By centralizing the username/password database, AAA makes it possible to enter, update, and store information in one place.

BENEFITS OF AAA..
2. AAA supports standardized security

protocols, specifically TACACS+, and RADIUS. 3. AAA allows for multiple backup systems.

OVERVIEW OF THE AAA CONFIGURATION PROCESS

Enable AAA by using the aaa new-model global configuration command. If you decide to use a separate security server, configure security protocol parameters, such as RADIUS, TACACS+. Define the method lists for authentication by using an AAA authentication command. Apply the method lists to a particular interface or line, if required. (Optional) Configure authorization using the aaa authorization command. (Optional) Configure accounting using the aaa accounting command.

TYPICAL AAA NETWORK CONFIGURATION

ENABLING AAA
Before

you can use any of the services AAA network security services provide, you must enable AAA. To enable AAA, use the following command in global configuration mode:

DISABLING AAA
To

disable AAA, use the following command in global configuration mode:

AUTHENTICATION PROTOCOLS IN AAA

RADIUS
TACACS+

RADIUS

RADIUS: Remote Authentication Dial In User Service A distributed client/server system used with AAA that secures networks against unauthorized access. This central server contains all user authentication and network service access information. In the Cisco implementation, RADIUS clients run on Cisco routers and send authentication requests to a central RADIUS server. on UDP

RADIUS AUTHENTICATION PROCESS

TACACS+

TACACS: Terminal Access Controller Access Control System A security application used with AAA that provides centralized validation of users attempting to gain access to a router or network access server. TACACS+ services are maintained in a database on a TACACS+ daemon running on a UNIX, Windows NT, or Windows 2000 workstation. TACACS+ provides for separate and modular authentication, authorization, and accounting facilities On TCP

TACACS+ AUTHENTICATION PROCESS

REFRENCES
http://www.cisco.com

http://www.ciscopress.com/
http://en.wikipedia.org/wiki/AAA_protocol http://www.webopedia.com/TERM/A/AAA.html

?
QUERIES

THANK YOU