AAA - Managing Access Control 🔒🌐

Paulo Bazzo

Authentication, Authorisation and Accounting

AAA stands for Authentication, Authorisation and Accounting. It is a security framework for controlling access to a system and keeping a record of the actions taken on it, so that users can be held accountable.

Authentication

Is the process of verifying a user's identity before allowing access to a system or resource. This can be done through passwords, biometrics, tokens, or other methods.

Authorisation

Determines what actions a user is allowed to perform after being authenticated. This is often based on the user's role within an organization or their specific permissions.

Accounting

Refers to the tracking and logging of user activity, including the resources accessed and actions performed. This helps with auditing, compliance, and incident response.


Types of Access Control

Access control is a fundamental concept in cybersecurity that refers to the process of controlling who has access to what resources and under what conditions. Authentication, Authorization, and Accounting (AAA) is a security framework that provides a way to control access to resources by requiring users to authenticate their identities, specifying what actions they are authorized to perform, and keeping track of their activity through accounting.

In this article, we provide an overview of the key concepts and benefits of AAA and access control. We discuss the different types of access control, including Mandatory Access Control (MAC), Discretionary Access Control (DAC), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC). We also explain how AAA is linked to these access control models and how they work together to enforce security policies within an organization.


ABAC (Attribute-Based Access Control)

Attribute-Based Access Control grants or denies access based on attributes of the user and of the request, such as:

  • Roles within an organisation
  • Location
  • Time of the day
  • Device type

Together these characteristics form a profile that identifies the individual and the context of the request. ABAC is more flexible than the traditional models (DAC, MAC and RBAC), and it is most effective when used in conjunction with them.
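As an added example (not code from the original article), the following Python sketch shows what an ABAC decision looks like when the four attributes listed above are combined into policy rules. The policy, user names and the "payroll" resource are hypothetical, and the engine is deliberately default-deny: a request is allowed only when every attribute condition of some rule holds.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Constructed example: a request is described by attributes of the user,
# the environment (location, time of day, device) and the resource/action.
# time_of_day is a zero-padded "HH:MM" string, so plain string comparison orders it.
@dataclass(frozen=True)
class Request:
    user: str
    role: str
    location: str       # e.g. "office", "home"
    device_type: str    # e.g. "managed-laptop", "byod-phone"
    time_of_day: str    # "HH:MM", 24-hour clock
    resource: str
    action: str         # "read" or "write"

# A rule permits an action only when every attribute condition holds.
@dataclass(frozen=True)
class Rule:
    name: str
    roles: frozenset
    locations: frozenset
    device_types: frozenset
    start: str          # inclusive time window, "HH:MM"
    end: str
    actions: frozenset
    resources: frozenset

    def matches(self, r: Request) -> bool:
        return (r.role in self.roles
                and r.location in self.locations
                and r.device_type in self.device_types
                and self.start <= r.time_of_day <= self.end
                and r.action in self.actions
                and r.resource in self.resources)

# Hypothetical policy for a "payroll" share (all names are made up).
POLICY: List[Rule] = [
    Rule("finance-office-hours", frozenset({"finance"}), frozenset({"office"}),
         frozenset({"managed-laptop"}), "08:00", "18:00",
         frozenset({"read", "write"}), frozenset({"payroll"})),
    Rule("finance-remote-readonly", frozenset({"finance"}), frozenset({"home"}),
         frozenset({"managed-laptop"}), "08:00", "18:00",
         frozenset({"read"}), frozenset({"payroll"})),
]

def abac_decide(req: Request, policy: List[Rule] = POLICY) -> Tuple[bool, str]:
    """Default deny: the first rule whose attributes all match permits the request."""
    for rule in policy:
        if rule.matches(req):
            return True, rule.name
    return False, "no matching rule (default deny)"

def demo() -> List[Tuple[str, bool, str]]:
    """Same user, same file: the decision changes with location, time and device."""
    base = dict(user="alice", role="finance", resource="payroll")
    cases = [
        ("office-write", Request(**base, location="office", device_type="managed-laptop",
                                 time_of_day="10:30", action="write")),
        ("home-read", Request(**base, location="home", device_type="managed-laptop",
                              time_of_day="10:30", action="read")),
        ("home-write", Request(**base, location="home", device_type="managed-laptop",
                               time_of_day="10:30", action="write")),
        ("late-night", Request(**base, location="office", device_type="managed-laptop",
                               time_of_day="23:15", action="read")),
        ("byod-phone", Request(**base, location="office", device_type="byod-phone",
                               time_of_day="10:30", action="read")),
    ]
    return [(label, *abac_decide(req)) for label, req in cases]

if __name__ == "__main__":
    for label, allowed, reason in demo():
        print(f"{label:12} {'ALLOW' if allowed else 'DENY':5} ({reason})")
```

The point to notice is that the role alone never decides anything: the same finance user is allowed to write from the office, only read from home, and is denied outright outside the time window or from an unmanaged device. That is the flexibility the section describes, and it is also why ABAC policies need careful review, since every extra attribute is another condition that can be mis-set.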



MAC (Mandatory Access Control)

MAC enforces hierarchical levels of access, where the system determines what files or resources a user can access, based on their level of clearance or label.

TOP SECRET
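As an added example (not from the original article), here is the clearance-versus-label comparison that a MAC system performs. The levels, files and users are constructed; the read rule is exactly what the paragraph above describes, and the write rule ("no write down", from the Bell-LaPadula model) goes beyond the article's text. Note that a file's owner cannot relax a label: that is the property that makes the control "mandatory".

```python
from typing import Dict, List

# Hierarchical sensitivity levels, lowest to highest; the list index is the rank.
LEVELS: List[str] = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]

def rank(level: str) -> int:
    if level not in LEVELS:
        raise ValueError(f"unknown level: {level}")
    return LEVELS.index(level)

# Constructed data. Labels are fixed by the system's security administrator;
# in MAC the file owner cannot lower them, which is the difference from DAC.
FILE_LABELS: Dict[str, str] = {
    "canteen_menu.txt": "UNCLASSIFIED",
    "vendor_contract.pdf": "CONFIDENTIAL",
    "budget.xlsx": "SECRET",
    "ops_plan.pdf": "TOP SECRET",
}
USER_CLEARANCE: Dict[str, str] = {
    "alice": "TOP SECRET",
    "bob": "SECRET",
    "carol": "UNCLASSIFIED",
}
SECURITY_ADMINS = frozenset({"secadmin"})   # hypothetical admin account

def can_read(user: str, filename: str) -> bool:
    """Simple security property ("no read up"): clearance must be at least the label."""
    return rank(USER_CLEARANCE[user]) >= rank(FILE_LABELS[filename])

def can_write(user: str, filename: str) -> bool:
    """*-property ("no write down"): a subject may write only to objects at or above
    its own clearance, so classified content cannot be copied into a lower-level file."""
    return rank(USER_CLEARANCE[user]) <= rank(FILE_LABELS[filename])

def readable_files(user: str) -> List[str]:
    return sorted(f for f in FILE_LABELS if can_read(user, f))

def relabel(actor: str, filename: str, new_label: str) -> bool:
    """Only the security administrator may change a label. Returns True if applied."""
    if actor not in SECURITY_ADMINS:
        return False
    rank(new_label)  # validate the new level before applying it
    FILE_LABELS[filename] = new_label
    return True

if __name__ == "__main__":
    for user in USER_CLEARANCE:
        print(f"{user:6} ({USER_CLEARANCE[user]:12}) can read: {readable_files(user)}")
    print("bob relabels budget.xlsx:", relabel("bob", "budget.xlsx", "UNCLASSIFIED"))
```

Running it shows the hierarchy in action: carol sees only the unclassified menu, bob sees everything up to SECRET, and bob's attempt to downgrade a SECRET file is refused regardless of whether he created it.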



DAC (Discretionary Access Control)

DAC is the least restrictive model: access is granted at the discretion of the resource's owner. Do you know how easily you can share a folder from OneDrive with someone on your team? That is DAC in action.

Think about easily sharing files on OneDrive.



RBAC (Role-Based Access Control)

Provides access based on the user's role within an organisation. Access is determined by the policies set by the organisation's security administrator, not by individual resource owners. This is the most widely used access control model in companies.

Think about Windows Group Policy.
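To make the contrast between the DAC and RBAC sections concrete, and to show the Accounting part of AAA from the top of the article, here is an added example (not code from the original article) in which a resource owner shares a file under DAC, a security administrator assigns roles under RBAC, and every decision from either model is written to an audit log. The users, roles, permissions and file name are hypothetical.

```python
from datetime import datetime, timezone
from typing import Dict, List, Set

# ---- Accounting: every decision is recorded, whichever model produced it ----
AUDIT_LOG: List[dict] = []

def record(model: str, user: str, action: str, target: str, allowed: bool) -> bool:
    """Append one audit entry and pass the decision through unchanged."""
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "model": model, "user": user, "action": action,
        "target": target, "decision": "ALLOW" if allowed else "DENY",
    })
    return allowed

# ---- DAC: the resource owner decides who else gets access ----
class DacResource:
    def __init__(self, name: str, owner: str):
        self.name = name
        self.owner = owner
        # The owner starts with every right, including the right to share.
        self.acl: Dict[str, Set[str]] = {owner: {"read", "write", "share"}}

    def share(self, by: str, with_user: str, perms: Set[str]) -> bool:
        """Like sharing a OneDrive folder: works only if `by` holds the share right."""
        ok = "share" in self.acl.get(by, set())
        if ok:
            self.acl.setdefault(with_user, set()).update(perms)
        return record("DAC", by, "share:" + ",".join(sorted(perms)),
                      f"{self.name}->{with_user}", ok)

    def allowed(self, user: str, action: str) -> bool:
        return record("DAC", user, action, self.name, action in self.acl.get(user, set()))

# ---- RBAC: the security administrator maps roles to permissions ----
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "helpdesk": {"reset_password", "view_ticket"},
    "hr":       {"view_employee", "edit_employee"},
    "secadmin": {"manage_roles"},
}

class Rbac:
    def __init__(self, assignments: Dict[str, Set[str]]):
        self.user_roles = {u: set(r) for u, r in assignments.items()}

    def permissions(self, user: str) -> Set[str]:
        roles = self.user_roles.get(user, set())
        return set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in roles))

    def allowed(self, user: str, permission: str) -> bool:
        return record("RBAC", user, permission, "-", permission in self.permissions(user))

    def assign_role(self, actor: str, user: str, role: str) -> bool:
        """Unlike DAC, a user cannot grant themselves access: only a manage_roles holder can."""
        ok = "manage_roles" in self.permissions(actor) and role in ROLE_PERMISSIONS
        if ok:
            self.user_roles.setdefault(user, set()).add(role)
        return record("RBAC", actor, f"assign_role:{role}", user, ok)

if __name__ == "__main__":
    doc = DacResource("q3-report.docx", "alice")
    doc.allowed("bob", "read")                 # DENY: not on the ACL yet
    doc.share("alice", "bob", {"read"})        # ALLOW: owner's discretion
    doc.allowed("bob", "read")                 # ALLOW
    rbac = Rbac({"bob": {"helpdesk"}, "dana": {"secadmin"}})
    rbac.assign_role("bob", "bob", "hr")       # DENY: helpdesk cannot change roles
    rbac.assign_role("dana", "bob", "hr")      # ALLOW: security administrator
    rbac.allowed("bob", "view_employee")       # ALLOW
    for entry in AUDIT_LOG:
        print(entry)
```

The audit log is what turns these decisions into accountability: the DENY entries show bob attempting access he did not have, and the ALLOW entries show exactly who granted it (alice as owner under DAC, dana as administrator under RBAC). In a real system those records would go to a central log store rather than a list in memory.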



Summary

In conclusion, AAA and access control are critical components of a robust cybersecurity strategy. By understanding the key concepts and benefits of these security frameworks, organizations can better protect their resources and data from unauthorized access and ensure regulatory compliance.