Understanding AAA Operation In Cyber Security
Cisco provides two common methods of implementing AAA services.
|Functionality||It separates authentication, authorization, and accounting functions according to the AAA architecture. This allows modularity of the security server implementation.||It combines authentication and authorization but separates accounting, which allows less flexibility in implementation than TACACS+|
|Standard||Mostly Cisco supported||Open/RFC standard|
|Transport||TCP port 49||UDP ports 1812 and 1813, or 1645 and 1646|
|Protocol CHAP||Bidirectional challenge and response as used in Challenge Handshake Authentication Protocol (CHAP)||Unidirectional challenge and response from the RADIUS security server to the RADIUS client|
|Confidentiality||Encrypts the entire body of the packet but leaves a standard TACACS+ header.||Encrypts only the password in the access-request packet from the client to the server. The remainder of the packet is unencrypted, leaving the username, authorized services, and accounting unprotected.|
|Customization||Provides authorization of router commands on a per-user or per-group basis||Has no option to authorize router commands on a per-user or per-group basis|
AAA Accounting Logs
|Type of Accounting Information||Description|
|Network Accounting||Network accounting captures information for all Point-to-Point Protocol (PPP) sessions, including packet and byte counts.|
|Connection Accounting||Connection accounting captures information about all outbound connections that are made from the AAA client, such as by SSH.|
|EXEC Accounting||EXEC accounting captures information about user EXEC terminal sessions (user shells) on the network access server, including username, date, start and stop times, and the access server IP address.|
|System Accounting||System accounting captures information about all system-level events (for example, when the system reboots or when accounting is turned on or off).|
|Command Accounting||Command accounting captures information about the EXEC shell commands for a specified privilege level, as well as the date and time each command was executed, and the user who executed it.|
|Resource Accounting||The Cisco implementation of AAA accounting captures “start” and “stop” record support for connections that have passed user authentication. The additional feature of generating “stop” records for connections that fail to authenticate as part of user authentication is also supported. Such records are necessary for users employing accounting records to manage and monitor their networks.|
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained includes staffs of Dangote Refinery, FCMB, Zenith Bank, New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training.
I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.
Fact Check Policy
CRMNAIJA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.