Mod 3: 3.4 Access Control


Authorization

After the user is authenticated, authorization services determine which resources the user can access and which operations the user is allowed to perform. An example is "User 'student' can access host server XYZ using SSH only."

Cisco provides two common methods of implementing AAA services

Local AAA Authentication and Server-Based Authentication

Server-Based Authentication

This method authenticates against a central AAA server that contains the usernames and passwords for all users, as shown in the figure. Server-based AAA authentication is appropriate for medium-to-large networks.

Authentication

Users and administrators must prove that they are who they say they are. Authentication can be established using username and password combinations, challenge and response questions, token cards, and other methods. AAA authentication provides a centralized way to control access to the network.

Devices communicate with the centralized AAA server

using Remote Authentication Dial-In User Service (RADIUS) or Terminal Access Controller Access-Control System Plus (TACACS+). TACACS+ separates authentication, authorization, and accounting into distinct exchanges and encrypts the whole packet body over TCP; RADIUS combines authentication and authorization and encrypts only the password field over UDP.

Resource Accounting

captures "start" and "stop" record support for connections that have passed user authentication. The additional feature of generating "stop" records for connections that fail to authenticate as part of user authentication is also supported. Such records are necessary for users employing accounting records to manage and monitor their networks.

Connection Accounting

captures information about all outbound connections that are made from the AAA client, such as by SSH.

System Accounting

captures information about all system-level events (for example, when the system reboots or when accounting is turned on or off).

Command Accounting

captures information about the EXEC shell commands for a specified privilege level, as well as the date and time each command was executed, and the user who executed it.

EXEC Accounting

captures information about user EXEC terminal sessions (user shells) on the network access server, including username, date, start and stop times, and the access server IP address.

Network Accounting

captures information for all Point-to-Point Protocol (PPP) sessions, including packet and byte counts.

Lightweight Directory Access Protocol (LDAP)

A centralized AAA server may use LDAP (or Active Directory) for user authentication and group membership, while maintaining its own authorization and accounting database.

Centralized AAA

is more scalable and manageable than Local AAA authentication. May independently maintain databases for authentication, authorization, and accounting.

Accounting

records what the user does, including what is accessed, the amount of time the resource is accessed, and any changes that were made. Accounting keeps track of how network resources are used. An example is "User 'student' accessed host server XYZ using SSH for 15 minutes."

Local AAA Authentication

This method is sometimes known as self-contained authentication because it authenticates users against locally stored usernames and passwords, as shown in the figure. Local AAA is ideal for small networks.
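The two methods above, the RADIUS/TACACS+ server communication, and the accounting types on this page, as an added Cisco IOS configuration example that is not part of the original study set. The server address 10.1.1.10, the shared secret, the server and group names, and the local fallback account are assumptions chosen for illustration.

```cisco
! --- Local AAA (self-contained): small network, no external server ---
aaa new-model
! local account used by the "local" method below (assumed credentials)
username admin privilege 15 secret Str0ngLocalPassw0rd
aaa authentication login default local
aaa authorization exec default local

! --- Server-based AAA: medium-to-large network ---
! TACACS+ server definition (assumed address and shared secret)
tacacs server AAA-SRV
 address ipv4 10.1.1.10
 key TACACS-SHARED-SECRET
aaa group server tacacs+ TACACS-GROUP
 server name AAA-SRV

! Authentication: try the TACACS+ group first, fall back to the local
! database only if the servers are unreachable (not on a rejected login)
aaa authentication login default group TACACS-GROUP local

! Authorization: the server decides the EXEC privilege level and
! approves each privilege-15 command before it runs
aaa authorization exec default group TACACS-GROUP local
aaa authorization commands 15 default group TACACS-GROUP local

! Accounting: one line per accounting type described on the page,
! each sending start and stop records to the TACACS+ group
aaa accounting exec default start-stop group TACACS-GROUP
aaa accounting commands 15 default start-stop group TACACS-GROUP
aaa accounting network default start-stop group TACACS-GROUP
aaa accounting connection default start-stop group TACACS-GROUP
aaa accounting system default start-stop group TACACS-GROUP
aaa accounting resource default start-stop group TACACS-GROUP

! Management access only over SSH, using the default AAA method lists
line vty 0 4
 transport input ssh
 login authentication default
 authorization exec default
 authorization commands 15 default
 accounting exec default
 accounting commands 15 default
```

The `local` keyword at the end of each method list is the usual production safeguard: if the TACACS+ servers are unreachable the router consults the local username database, which keeps an administrator from being locked out, but a login the server explicitly rejects is not retried locally. Verify the result with `show aaa servers` and `debug aaa accounting` before relying on the records.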
