
AAA Model In Cloud Computing

INTRODUCTION OF AAA
• Sometimes referred to as “triple-A” or just AAA:
• A- Authentication
• A- Authorization
• A- Accounting
• Represents the “big three” in terms of IP-based network management & policy administration
AUTHENTICATION
• Authentication is a process that ensures &
confirms a user’s identity.
• Authentication begins when a user tries to
access information.
• The user must prove his access rights &
identity.
• This login combination, which must be
assigned to each user, authenticates access.
AUTHORIZATION
• Authorization is the process of granting or
denying a user access to network resources
once the user has been authenticated through
the username & password. The amount of
information & the amount of services the user
has access to depend on the user’s
authorization level.
ACCOUNTING
• Accounting is the process of keeping track of
a user’s activity while accessing the network
resources, including the amount of time spent
in the network, the services accessed while
there & the amount of data transferred during
the session.
• Accounting data is used for trend analysis, capacity planning, billing, auditing & cost allocation.
AAA MODEL—NETWORK SECURITY ARCHITECTURE
• Authentication – Who are you? – “I am user
student and my password validateme proves it.”
• Authorization – What can you do? What can you
access? – “User student can access host
serverXYZ using Telnet.”
• Accounting – What did you do? How long did you
do it? How often did you do it? – “User student
accessed host serverXYZ using Telnet for 15
minutes.”
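The three questions above as a runnable model, added here as an illustration and not part of the original slides. The class `AAAServer`, its method names and the PBKDF2 password storage are assumptions; the user, password, host and service are the ones in the slide's example.

```python
import hashlib, hmac, itertools, os

def _hash(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so the local database never stores the clear-text password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AAAServer:  # hypothetical name, used only for this example
    def __init__(self):
        self.users = {}     # username -> (salt, password hash)
        self.policy = {}    # username -> set of (host, service) pairs
        self.records = []   # accounting log, one dict per event
        self._open = {}     # session id -> (user, host, service, start time)
        self._ids = itertools.count(1)

    def add_user(self, user, password, allowed):
        salt = os.urandom(16)
        self.users[user] = (salt, _hash(password, salt))
        self.policy[user] = set(allowed)

    def authenticate(self, user, password) -> bool:
        # "Who are you?" Unknown users are still hashed, against a dummy salt.
        salt, stored = self.users.get(user, (b"\0" * 16, b""))
        return hmac.compare_digest(_hash(password, salt), stored)

    def authorize(self, user, host, service) -> bool:
        # "What can you do?" Default deny: only listed (host, service) pairs pass.
        return (host, service) in self.policy.get(user, set())

    def start(self, user, password, host, service, now):
        # Authorization is evaluated only after authentication succeeds;
        # failures are written to the accounting log as well.
        if not self.authenticate(user, password):
            self.records.append({"user": user, "event": "auth-fail", "time": now})
            return None
        if not self.authorize(user, host, service):
            self.records.append({"user": user, "event": "denied", "host": host,
                                 "service": service, "time": now})
            return None
        sid = next(self._ids)
        self._open[sid] = (user, host, service, now)
        return sid

    def stop(self, sid, now, bytes_sent=0):
        # "What did you do, and for how long?" Times are in seconds.
        user, host, service, began = self._open.pop(sid)
        rec = {"user": user, "event": "stop", "host": host, "service": service,
               "minutes": (now - began) / 60, "bytes": bytes_sent}
        self.records.append(rec)
        return rec
```

Calling `start("student", "validateme", "serverXYZ", "telnet", now=0)` and then `stop(sid, now=900)` produces the 15-minute accounting record from the slide.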
IMPLEMENTING AUTHENTICATION USING LOCAL SERVICES
• 1. The client establishes a connection with the
router.
• 2. The router prompts the user for a username
and password.
• 3. The router authenticates the username and
password in the local database. The user is
authorized to access the network based on
information in the local database.
[Diagram labels: Perimeter Router, Remote Client]
IMPLEMENTING AUTHENTICATION USING EXTERNAL SERVERS
• 1. The client establishes a connection with the
router.
• 2. The router prompts the user for a
username and password.
• 3. The router passes the username and
password to the Cisco Secure ACS (server or
engine).

IMPLEMENTING AUTHENTICATION USING EXTERNAL SERVERS (Cont.)
• 4. The Cisco Secure ACS authenticates the
user. The user is authorized to access the
router (administrative access) or the network
based on information found in the Cisco
Secure ACS database.
[Diagram labels: Perimeter Router, Remote Client, Cisco Secure ACS for Windows Server, Cisco Secure]
TACACS+ AND RADIUS AAA PROTOCOLS
• Two different protocols are used to communicate
between the AAA security servers and
authenticating devices.
• Cisco Secure ACS supports both TACACS+ and
RADIUS:
– TACACS+ remains more secure than RADIUS.
– RADIUS has a robust application programming interface and strong accounting.
[Diagram labels: Cisco Secure ACS, Firewall, Router, Network Access Server, TACACS+, RADIUS, Security Server]
PPP, ISDN, PSTN
• Point-to-Point Protocol (PPP) is a data link
(layer 2) protocol used to establish a direct
connection between two nodes. It connects
two routers directly without any host or any
other networking device in between. It can
provide connection authentication, transmission
encryption (using ECP, RFC 1968), and compression.
• ISDN: Integrated Services Digital Network
(ISDN) is a set of communication standards for
simultaneous digital transmission of voice,
video, data
• PSTN: Public Switched Telephone Network
(PSTN) is the world's collection of
interconnected voice-oriented public
telephone networks.
Thank You
