Presented By: A PowerPoint Presentation on AAA Network Security Services Sandeep Kumar Amity Institute of Information Technology, AMITY University, Lucknow

AAA Network Security Services

DESCRIPTION

It is about AAA Network Security Services.

Page 1: AAA Network Security Services

A PowerPoint Presentation on AAA Network Security Services

Presented By: Sandeep Kumar, Amity Institute of Information Technology, AMITY University, Lucknow

Page 2: AAA Network Security Services

INTRODUCTION

AAA commonly stands for authentication, authorization and accounting.

AAA is an architectural framework to control what computer resources users have access to and to keep track of the activity of users over a network.

Page 3: AAA Network Security Services

AUTHENTICATION

Definition: Something that is not false or a fake imitation.

Provides the method of identifying users.

The access server will prompt the user for a name and password.

The access server authenticates the user's identity by requiring the username and password.

This process of verification to gain access is called authentication.

Uses a password, special token card, Caller-ID, etc.

Page 4: AAA Network Security Services

AUTHORIZATION

Authorization asks the question, "What privileges does this user have?"

Check that the user may access the services he/she wishes.

The server uses a process called authorization to determine which commands and resources should be made available to that particular user.

Page 5: AAA Network Security Services

ACCOUNTING

Accounting asks the questions, "What did this user do and when was it done?"

The process of keeping track of a user's activity.

The number of login attempts, the specific commands entered, and other system events can be logged and time-stamped by the accounting process.

Page 6: AAA Network Security Services

AAA ACCESS SECURITY

Accounting: What did you spend it on?

Authentication: Who are you?

Authorization: Which resources is the user allowed to access and which operations is the user allowed to perform?

Page 7: AAA Network Security Services

BENEFITS OF AAA

1. AAA provides scalability.

Typical AAA configurations rely on a server or group of servers to store usernames and passwords.

This means that local databases do not have to be built and updated on every router and access server in the network.

Instead, the routers in the network become clients of these security servers.

By centralizing the username/password database, AAA makes it possible to enter, update, and store information in one place.

Page 8: AAA Network Security Services

BENEFITS OF AAA (continued)

2. AAA supports standardized security protocols, specifically TACACS+ and RADIUS.

3. AAA allows for multiple backup systems.

Page 9: AAA Network Security Services

OVERVIEW OF THE AAA CONFIGURATION PROCESS

Enable AAA by using the aaa new-model global configuration command.

If you decide to use a separate security server, configure security protocol parameters, such as RADIUS, TACACS+.

Define the method lists for authentication by using an AAA authentication command.

Apply the method lists to a particular interface or line, if required.

(Optional) Configure authorization using the aaa authorization command.

(Optional) Configure accounting using the aaa accounting command.
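
The steps above, written out as a Cisco IOS configuration. This is an added example, not taken from the original slides; the server name AAA-SRV1, the address 192.0.2.10, the method-list name VTY-AUTH, the local account and the bracketed secrets are placeholders, and the "tacacs server" block form assumes a recent IOS release.

```text
! Step 1: enable AAA (global configuration mode)
aaa new-model
!
! Local fallback account, so the device stays manageable
! if the security server cannot be reached (placeholder values)
username localadmin privilege 15 secret <LOCAL-PASSWORD>
!
! Step 2: security server parameters (TACACS+ chosen here)
tacacs server AAA-SRV1
 address ipv4 192.0.2.10
 key <SHARED-SECRET>
!
! Step 3: authentication method list.
! Methods are tried in order: TACACS+ first, then the local database.
! The next method is used only when the previous one does not respond,
! not when it rejects the user.
aaa authentication login VTY-AUTH group tacacs+ local
!
! Step 4: apply the method list to the lines that need it
line vty 0 4
 login authentication VTY-AUTH
!
! Step 5 (optional): authorization of EXEC sessions
aaa authorization exec default group tacacs+ local
!
! Step 6 (optional): accounting of sessions and privileged commands
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
```

Creating the local account before applying the method list to the vty lines avoids locking yourself out while the server side is still being set up.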

Page 10: AAA Network Security Services

TYPICAL AAA NETWORK CONFIGURATION

Page 11: AAA Network Security Services

ENABLING AAA

Before you can use any of the services AAA network security services provide, you must enable AAA.

To enable AAA, use the following command in global configuration mode:

Page 12: AAA Network Security Services

DISABLING AAA

To disable AAA, use the following command in global configuration mode:

Page 13: AAA Network Security Services

AUTHENTICATION PROTOCOLS IN AAA

RADIUS

TACACS+

Page 14: AAA Network Security Services

RADIUS

RADIUS: Remote Authentication Dial In User Service

A distributed client/server system used with AAA that secures networks against unauthorized access.

This central server contains all user authentication and network service access information.

In the Cisco implementation, RADIUS clients run on Cisco routers and send authentication requests to a central RADIUS server.

Runs on UDP.

Page 15: AAA Network Security Services

RADIUS AUTHENTICATION PROCESS

Page 16: AAA Network Security Services

TACACS+

TACACS: Terminal Access Controller Access Control System

A security application used with AAA that provides centralized validation of users attempting to gain access to a router or network access server.

TACACS+ services are maintained in a database on a TACACS+ daemon running on a UNIX, Windows NT, or Windows 2000 workstation.

TACACS+ provides for separate and modular authentication, authorization, and accounting facilities.

Runs on TCP.

Page 17: AAA Network Security Services

TACACS+ AUTHENTICATION PROCESS

Page 19: AAA Network Security Services

QUERIES?

Page 20: AAA Network Security Services

THANK YOU