Authentication, Authorisation and Accounting
AAA stands for Authentication, Authorisation and Accounting. It is a security framework that controls access to a system and keeps track of the actions performed on it, so that users can be held accountable.
Authentication
Authentication is the process of verifying a user's identity before allowing access to a system or resource. This can be done through passwords, biometrics, tokens, or other methods.
Authorisation
Authorisation determines what actions a user is allowed to perform after being authenticated. This is often based on the user's role within an organization or their specific permissions.
Accounting
Accounting refers to the tracking and logging of user activity, including the resources accessed and actions performed. This helps with auditing, compliance, and incident response.
Types of Access Control
Access control is a fundamental concept in cybersecurity that refers to the process of controlling who has access to what resources and under what conditions.
Authentication, Authorization, and Accounting (AAA) is a security framework that provides a way to control access to resources by requiring users to authenticate their identities,
specifying what actions they are authorized to perform, and keeping track of their activity through accounting.
In this article, we provide an overview of the key concepts and benefits of AAA and access control. We discuss the different types of access control,
including Mandatory Access Control (MAC), Discretionary Access Control (DAC), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC).
We also explain how AAA is linked to these access control models and how they work together to enforce security policies within an organization.
ABAC (Attribute-Based Access Control)
Attribute-Based Access Control bases access decisions on attributes of the user's profile, such as:
- Roles within an organisation
- Location
- Time of the day
- Device type
Together, these characteristics form a profile that helps to identify the individual.
ABAC is a more flexible control type than traditional models such as DAC, MAC and RBAC.
The ABAC model is more effective when used in conjunction with the other access control types.
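As an added illustration (not code from the original article), the sketch below layers the four ABAC attributes listed above on top of an RBAC role check and writes an accounting record for every decision. The role names, actions, attribute values and the authorise function are hypothetical, and the user is assumed to be already authenticated.

```python
from dataclasses import dataclass
from datetime import time

# Constructed RBAC table: role -> permitted actions (hypothetical names).
ROLE_PERMISSIONS = {
    "finance_analyst": {"read_ledger"},
    "finance_manager": {"read_ledger", "approve_payment"},
}

# Constructed ABAC policy: per-action limits on location, device type and time of day.
ABAC_POLICY = {
    "read_ledger": {"locations": {"office", "vpn"},
                    "devices": {"managed_laptop", "managed_phone"},
                    "hours": (time(7, 0), time(20, 0))},
    "approve_payment": {"locations": {"office"},
                        "devices": {"managed_laptop"},
                        "hours": (time(9, 0), time(17, 0))},
}

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    action: str
    location: str
    device: str
    at: time

AUDIT_LOG = []  # accounting: one record per authorisation decision

def authorise(req: Request) -> bool:
    """Deny by default: the role must grant the action, then every attribute must match."""
    reason = "allowed"
    rule = ABAC_POLICY.get(req.action)
    if req.action not in ROLE_PERMISSIONS.get(req.role, set()):
        reason = "role lacks permission"
    elif rule is None:
        reason = "no policy for action"
    elif req.location not in rule["locations"]:
        reason = "location not permitted"
    elif req.device not in rule["devices"]:
        reason = "device not permitted"
    elif not (rule["hours"][0] <= req.at <= rule["hours"][1]):
        reason = "outside permitted hours"
    allowed = reason == "allowed"
    AUDIT_LOG.append({"user": req.user, "action": req.action,
                      "allowed": allowed, "reason": reason})
    return allowed

if __name__ == "__main__":
    mgr = Request("alice", "finance_manager", "approve_payment", "vpn", "managed_laptop", time(10, 30))
    print(authorise(mgr), AUDIT_LOG[-1])  # denied: right role, wrong location
```

Logging the denial reason alongside the decision is what makes the accounting record useful for incident response: a run of "location not permitted" entries for one user reads very differently from a run of "role lacks permission".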
MAC (Mandatory Access Control)
MAC enforces hierarchical levels of access, where the system determines what files or resources a user can access, based on their level of clearance or label.
TOP SECRET
DAC (Discretionary Access Control)
DAC is the least restrictive model: access is granted at the discretion of the owner of the resource. Do you know how you can easily share a folder from OneDrive with someone from your team? That is DAC in action.
Think about easily sharing files on OneDrive.
RBAC (Role-Based Access Control)
RBAC provides access based on the user's role within an organisation. Access is determined by the policies set by the organisation's security administrator. This is the most used access control model in companies.
Think about Windows Group Policy.
Summary
In conclusion, AAA and access control are critical components of a robust cybersecurity strategy. By understanding the key concepts and benefits of these security frameworks, organizations can better protect their resources and data from unauthorized access and ensure regulatory compliance.