12.5 Managing Network Access

terminal access controller access-control system plus (TACACS+)

AAA access protocol

unified threat management (UTM)

all in one solution that integrate wide range of security features into one appliance

accounting

defines and keeps track of what you do; carried out as part of system log (syslog), records and stores events related to the system

authorization

defines what you are allowed to do; governs privileges and tasks a user can perform after gaining access to network; determines whether user has authority to perform tasks or access certain resources

authentication

defines who and what you are; happens first; identify valid user; username and password;

authentication, authorization, and accounting

framework developed to control access to computing resources, enforce policies, and audit usage; building blocks that are the core of network management and security

remote authentication dial-in user service (RADIUS)

most widely used AAA protocol used today; manages users who connect and use network services

Kerberos

network authentication protocol used in enterprise environments

documentation

network drawings and diagrams, asset management, and vendor documentation

single sign on (SSO)

permits users to authenticate only once, after successful authentication, users are trusted to access other services or systems based on the ticket

network access control (NAC)

security mechanism that can be implemented on a network to register, authenticate, authorize, and enforce security policies on all endpoint devices before they are allowed to access network