sandeep-kushwaha
DESCRIPTION
It's about AAA Network Security Services
A PowerPoint Presentation on
AAA Network Security Services
Presented By:
Sandeep Kumar
Amity Institute of Information Technology, AMITY University, Lucknow
INTRODUCTION
AAA commonly stands for authentication, authorization and accounting.
AAA is an architectural framework used to control what computer resources users have access to and to keep track of the activity of users over a network.
AUTHENTICATION
Definition: Something that is not false or a fake imitation.
Provides the method of identifying users.
The access server will prompt the user for a name and password.
The access server authenticates the user's identity by requiring the username and password.
This process of verification to gain access is called authentication.
Use Password, Special Token card, Caller-ID, etc.
AUTHORIZATION
Authorization asks the question, "What privileges does this user have?"
Check that the user may access the services he/she wishes.
The server uses a process called authorization to determine which commands and resources should be made available to that particular user.
ACCOUNTING
Accounting asks the questions, "What did this user do and when was it done?"
The process of keeping track of a user's activity.
The number of login attempts, the specific commands entered, and other system events can be logged and time-stamped by the accounting process.
AAA ACCESS SECURITY
Accounting: What did you spend it on?
Authentication: Who are you?
Authorization: Which resources is the user allowed to access, and which operations is the user allowed to perform?
BENEFITS OF AAA
1. AAA provides scalability.
Typical AAA configurations rely on a server or group of servers to store usernames and passwords.
This means that local databases do not have to be built and updated on every router and access server in the network.
Instead, the routers in the network become clients of these security servers.
By centralizing the username/password database, AAA makes it possible to enter, update, and store information in one place.
BENEFITS OF AAA (continued)
2. AAA supports standardized security protocols, specifically TACACS+ and RADIUS.
3. AAA allows for multiple backup systems.
OVERVIEW OF THE AAA CONFIGURATION PROCESS
Enable AAA by using the aaa new-model global configuration command.
If you decide to use a separate security server, configure security protocol parameters, such as RADIUS, TACACS+.
Define the method lists for authentication by using an AAA authentication command.
Apply the method lists to a particular interface or line, if required.
(Optional) Configure authorization using the aaa authorization command.
(Optional) Configure accounting using the aaa accounting command.
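An added example, not part of the original slides: a small Python check that reads a router configuration and reports which steps of the process above are missing or inconsistent. The sample configuration, the list names CONSOLE and VTY-AUTH, the server name TAC1 and the address 192.0.2.10 are constructed for illustration, and the function name audit_aaa is hypothetical.

```python
import re

# Constructed sample configuration (not from the slides); names and the
# 192.0.2.10 address are placeholders chosen for this example.
SAMPLE_CONFIG = """\
aaa new-model
tacacs server TAC1
 address ipv4 192.0.2.10
aaa authentication login default group tacacs+ local
aaa authentication login CONSOLE local
aaa authorization exec default group tacacs+ local
line con 0
 login authentication CONSOLE
line vty 0 4
 login authentication VTY-AUTH
"""

def audit_aaa(config):
    """Return findings for the configuration steps listed in the overview."""
    lines = config.splitlines()
    if not any(l.strip() == "aaa new-model" for l in lines):
        return ["aaa new-model is missing: AAA is not enabled"]
    findings = []
    # Security server step: new-style or legacy RADIUS/TACACS+ server lines.
    if not any(re.match(r"(tacacs|radius)(-server| server)\b", l) for l in lines):
        findings.append("no RADIUS or TACACS+ server is configured")
    # Method lists: 'aaa authentication login <list-name> <methods...>'.
    lists = {m.group(1) for l in lines
             if (m := re.match(r"aaa authentication login (\S+) ", l))}
    if not lists:
        findings.append("no authentication method list is defined")
    # Lists applied under 'line ...' blocks must refer to a defined list.
    current = None
    for l in lines:
        if l.startswith("line "):
            current = l.strip()
        elif not l.startswith(" "):
            current = None
        elif current and (m := re.match(r"\s+login authentication (\S+)", l)):
            if m.group(1) not in lists:
                findings.append(f"{current}: applies undefined method list {m.group(1)}")
    for step in ("authorization", "accounting"):
        if not any(l.startswith(f"aaa {step} ") for l in lines):
            findings.append(f"optional step not configured: aaa {step}")
    return findings

if __name__ == "__main__":
    for finding in audit_aaa(SAMPLE_CONFIG):
        print(finding)
```

On the constructed sample it reports that the vty lines reference a method list that was never defined and that accounting is not configured.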
TYPICAL AAA NETWORK CONFIGURATION
ENABLING AAA
Before you can use any of the services AAA network security services provide, you must enable AAA.
To enable AAA, use the following command in global configuration mode:
DISABLING AAA
To disable AAA, use the following command in global configuration mode:
AUTHENTICATION PROTOCOLS IN AAA
RADIUS TACACS+
RADIUS
RADIUS: Remote Authentication Dial In User Service
A distributed client/server system used with AAA that secures networks against unauthorized access.
This central server contains all user authentication and network service access information.
In the Cisco implementation, RADIUS clients run on Cisco routers and send authentication requests to a central RADIUS server.
Runs on UDP.
RADIUS AUTHENTICATION PROCESS
TACACS+
TACACS: Terminal Access Controller Access Control System
A security application used with AAA that provides centralized validation of users attempting to gain access to a router or network access server.
TACACS+ services are maintained in a database on a TACACS+ daemon running on a UNIX, Windows NT, or Windows 2000 workstation.
TACACS+ provides for separate and modular authentication, authorization, and accounting facilities.
Runs on TCP.
TACACS+ AUTHENTICATION PROCESS