12.5 Managing Network Access
terminal access controller access-control system plus (TACACS+)
AAA access protocol
unified threat management (UTM)
all-in-one solution that integrates a wide range of security features into one appliance
accounting
defines and keeps track of what you do; carried out as part of the system log (syslog), which records and stores events related to the system
authorization
defines what you are allowed to do; governs the privileges and tasks a user can perform after gaining access to the network; determines whether a user has the authority to perform tasks or access certain resources
authentication
defines who and what you are; happens first; identifies a valid user; username and password
authentication, authorization, and accounting
framework developed to control access to computing resources, enforce policies, and audit usage; building blocks that are the core of network management and security
remote authentication dial-in user service (RADIUS)
most widely used AAA protocol today; manages users who connect to and use network services
Kerberos
network authentication protocol used in enterprise environments
documentation
network drawings and diagrams, asset management, and vendor documentation
single sign-on (SSO)
permits users to authenticate only once; after successful authentication, users are trusted to access other services or systems based on the ticket
network access control (NAC)
security mechanism that can be implemented on a network to register, authenticate, authorize, and enforce security policies on all endpoint devices before they are allowed to access the network