
Thursday, 15 January 2015

Securing the Management Plane (AAA)

To secure the management plane, we need to set up enable secrets, assign user-based privilege modes, lock down access methods, and configure AAA.

What is AAA?
AAA stands for Authentication, Authorization and Accounting.
When it comes to network security, AAA is a requirement.
  • Authentication: Identifies users by login and password using challenge and response methodology before the user even gains access to the network. Depending on your security options, it can also support encryption.
  • Authorization: Defines what authority the logged-in user has. After initial authentication, authorization determines what that authenticated user is allowed to do. RADIUS or TACACS+ security servers perform authorization for specific privileges by defining attribute-value (AV) pairs, which are specific to the individual user's rights. In Cisco IOS, you can define AAA authorization with a named list or authorization method.
  • Accounting: The last "A" is for accounting. It provides a way of collecting security information that you can use for billing, auditing, and reporting. You can use accounting to see what users do once they are authenticated and authorized. For example, with accounting, you could get a log of when users logged in and when they logged out.
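
The four management-plane steps listed at the top of this post, combined into one Cisco IOS configuration sketch. This is an added example, not part of the original post; the list names, usernames, ACL name, the 192.0.2.0/24 addresses and the bracketed secrets are assumed placeholders.

```cisco
! Constructed example: replace every <PLACEHOLDER> and the 192.0.2.x
! documentation addresses with values from your own environment.

! 1. Enable secret (stored hashed, unlike "enable password")
enable secret <ENABLE-SECRET>

! 2. User-based privilege: local accounts double as the fallback
!    when the TACACS+ server is unreachable
username admin privilege 15 secret <ADMIN-SECRET>
username netops privilege 5 secret <NETOPS-SECRET>

! 3. AAA with named method lists: try TACACS+ first, then local
aaa new-model
tacacs-server host 192.0.2.10
tacacs-server key <TACACS-SHARED-KEY>
aaa authentication login MGMT-AUTHEN group tacacs+ local
aaa authorization exec MGMT-AUTHOR group tacacs+ local
aaa accounting exec MGMT-ACCT start-stop group tacacs+
aaa accounting commands 15 MGMT-ACCT start-stop group tacacs+

! 4. Lock down access methods: SSH only, and only from the
!    management subnet (SSH host keys must already be generated)
ip access-list standard MGMT-HOSTS
 permit 192.0.2.0 0.0.0.255
 deny   any log

line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
 exec-timeout 10 0
 login authentication MGMT-AUTHEN
 authorization exec MGMT-AUTHOR
 accounting exec MGMT-ACCT
 accounting commands 15 MGMT-ACCT

line con 0
 exec-timeout 10 0
 login authentication MGMT-AUTHEN
```

Named lists take effect only on the lines where they are applied, so check each `line` block after the change. Keep an existing session open while testing a new login, since a mistake in the authentication list can lock you out.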

Why every network admin should care about AAA

AAA is a critical piece of network infrastructure. It keeps your network secure by making sure that only the right users are authenticated and that those users have access only to the right network resources.
