CISS 327 Module 7: Authentication, Authorization, and Accounting (AAA)
Terminal Access Controller Access Control System (TACACS+)
A Cisco enhancement to the original TACACS protocol that splits all three AAA functions into separate processes, allowing better modularity.
Bring Your Own Device (BYOD)
A business policy that permits, and in some cases, encourages, employees to use their own mobile devices (smartphones, tablets, or laptops) to access company computing resources and applications, including email, corporate databases, the corporate intranet, and the Internet.
Authentication, Authorization, and Accounting (AAA)
A framework that allows efficient and effective identification, resource granting, and monitoring of users accessing a system.
Lightweight Directory Access Protocol (LDAP)
A protocol used by various client applications when the application needs to query a database.
IETF (Internet Engineering Task Force)
An international open committee that works to develop and maintain Internet standards and contribute to the evolution and smooth operation of the Internet.
Remote Authentication Dial-In User Service (RADIUS)
An open IETF standard AAA protocol for applications such as network access or mobility that combines authentication and authorization into one process.
Active Directory (AD)
Microsoft's directory service; a central database of all network resources that is used to manage the network and provide users with access to resources.
Identity Services Engine (ISE)
The Cisco ISE is a critical piece to the Cisco BYOD solution. It is the cornerstone of the AAA requirements for endpoint access, which are governed by the security policies put forth by the organization.
Server-based AAA Authentication
The server-based method uses an external database server resource that leverages RADIUS or TACACS+ protocols.
Local AAA Authentication
This AAA method stores usernames and passwords locally in the Cisco router, and users authenticate against the local database.