What is AAA?

<aside> 💡 Here AAA stands for Authentication, Authorization, and Accounting.

</aside>

AAA is a security framework that controls access to computer resources, enforces policies, and audits usage. The combined processes of the AAA framework play a major role in network management and cybersecurity by screening users and keeping track of their activity while they are connected to your network.

Your whole Identity and Access Management (IAM) setup is built on this framework.

  1. AUTHENTICATION

Authentication is about asking a user to provide information about 'who' they are. They have to present their login credentials to affirm they are who they claim to be. Your AAA server (that is, your IAM solution or server) then matches those credentials against its database of stored credentials, comparing the username, password, and any MFA tokens with the record for that specific user.

The three types of authentication factors are: something you know (e.g., a password), something you have (e.g., a USB key), and something you are (e.g., your fingerprint or other biometrics).

  2. AUTHORIZATION

Authorization cannot exist without authentication.

Authorization is about granting users specific privileges that allow them access to systems, networks, or other digital resources. The areas and sets of permissions granted to a user are stored in a database along with the user's identity.

If you are an administrator, you can change a user's privileges.

Authorization is different from authentication in that authentication only checks a user’s identity, whereas authorization stipulates what that user is allowed to do.

For example, a member of your IT team may not have the privileges necessary to change the access passwords for your company-wide VPN. However, as the network administrator, you may choose to give that team member access privileges, enabling him to alter the VPN passwords of individual users. In this manner, that team member will be authorized to access an area he was previously barred from.
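The authentication and authorization steps described above, as an added example that is not part of the original page: a small in-memory AAA server that stores salted password hashes, checks a password plus a second factor in constant time, answers "what may this user do?" only after "who is this user?", and lets an administrator grant the VPN-password privilege from the example. The user store, the usernames, the permission names and the registered one-time codes are all constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, Set

PBKDF2_ITERATIONS = 50_000  # kept low for a demo; production values are much higher


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a salted PBKDF2-SHA256 hash so clear-text passwords are never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


@dataclass
class User:
    """One record in the (constructed) credential database of the AAA server."""
    username: str
    salt: bytes
    password_hash: bytes
    mfa_code: str  # hypothetical 'something you have': a one-time code registered for the user
    permissions: Set[str] = field(default_factory=set)


class AAAServer:
    def __init__(self) -> None:
        self.users: Dict[str, User] = {}
        self.admins: Set[str] = set()

    def register(self, username: str, password: str, mfa_code: str,
                 permissions=(), admin: bool = False) -> None:
        salt = os.urandom(16)
        self.users[username] = User(username, salt, hash_password(password, salt),
                                    mfa_code, set(permissions))
        if admin:
            self.admins.add(username)

    # AUTHENTICATION: compare the presented credentials against the stored ones.
    def authenticate(self, username: str, password: str, mfa_code: str) -> bool:
        user = self.users.get(username)
        if user is None:
            # Hash anyway so an unknown username takes as long as a wrong password.
            hash_password(password, b"\x00" * 16)
            return False
        password_ok = hmac.compare_digest(hash_password(password, user.salt), user.password_hash)
        mfa_ok = hmac.compare_digest(user.mfa_code, mfa_code)
        return password_ok and mfa_ok

    # AUTHORIZATION: look up what the identified user is allowed to do.
    def authorize(self, username: str, permission: str) -> bool:
        user = self.users.get(username)
        return user is not None and permission in user.permissions

    # Only an administrator may change another user's privileges.
    def grant(self, admin: str, username: str, permission: str) -> bool:
        if admin not in self.admins or username not in self.users:
            return False
        self.users[username].permissions.add(permission)
        return True

    # Authorization cannot exist without authentication: authenticate first, then authorize.
    def access(self, username: str, password: str, mfa_code: str, permission: str) -> str:
        if not self.authenticate(username, password, mfa_code):
            return "denied: authentication failed"
        if not self.authorize(username, permission):
            return "denied: not authorized for " + permission
        return "granted"


def build_demo_server() -> AAAServer:
    """Constructed sample: one administrator and one IT team member."""
    server = AAAServer()
    server.register("admin", "adm-pass", "111111", admin=True)
    server.register("bob", "bob-pass", "222222", permissions={"read:tickets"})
    return server


if __name__ == "__main__":
    s = build_demo_server()
    print(s.access("bob", "bob-pass", "222222", "vpn:reset_user_password"))  # denied: not authorized
    s.grant("admin", "bob", "vpn:reset_user_password")
    print(s.access("bob", "bob-pass", "222222", "vpn:reset_user_password"))  # granted
```

Note the order in `access`: a failed login never reaches the permission lookup, and a denied permission is reported separately, so the two decisions stay distinct in logs.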

  3. ACCOUNTING

Accounting is about keeping track of your users' activity while they are logged in to your network. It means tracking information such as:

➢ How long they were logged in
➢ The data they sent or received
➢ Their Internet Protocol (IP) address
➢ URLs they used
➢ Different services they accessed, etc.

Accounting is important to analyze users' activity trends, audit their activity, and so on. This can be done by leveraging the data collected during the user’s access.

For the many subscription-based services that impose usage limits, accounting is a must; otherwise you cannot bill your users or customers properly. Online advertising on platforms such as Facebook, Google, LinkedIn, etc., is an example of this sort of accounting.

Accounting is so critical that it also becomes the basis of network access monitoring. In this way, bad actors can be kept out, and a presumably good actor who abuses their privileges can have their activity tracked, which gives administrators valuable intelligence about what they did.
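The accounting function described in this section, as an added example that is not part of the original page: a session ledger that records the items listed above (login duration, bytes sent and received, IP address, URLs, services), produces a per-user usage report for billing against a quota, and flags sessions in which a user touched a service outside their authorized set, which is the "presumably good actor abusing their privileges" case. The usernames, IP addresses, URLs, service names and timestamps are constructed sample data.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Session:
    """One user session as the accounting function records it."""
    username: str
    ip: str
    login: datetime
    logout: Optional[datetime] = None
    bytes_sent: int = 0
    bytes_received: int = 0
    urls: List[str] = field(default_factory=list)
    services: Set[str] = field(default_factory=set)

    def duration_seconds(self) -> int:
        end = self.logout if self.logout is not None else self.login
        return int((end - self.login).total_seconds())


class Accounting:
    def __init__(self) -> None:
        self.active: Dict[str, Session] = {}   # session id -> open session
        self.closed: List[Session] = []        # completed sessions, the audit record

    def start(self, session_id: str, username: str, ip: str, at: datetime) -> None:
        self.active[session_id] = Session(username, ip, at)

    def record(self, session_id: str, url: Optional[str] = None, service: Optional[str] = None,
               sent: int = 0, received: int = 0) -> None:
        s = self.active[session_id]  # KeyError on an unknown session is deliberate
        if url:
            s.urls.append(url)
        if service:
            s.services.add(service)
        s.bytes_sent += sent
        s.bytes_received += received

    def stop(self, session_id: str, at: datetime) -> Session:
        s = self.active.pop(session_id)
        s.logout = at
        self.closed.append(s)
        return s

    def usage_report(self, username: str) -> dict:
        """Aggregate a user's closed sessions: the data a billing or audit job needs."""
        sessions = [s for s in self.closed if s.username == username]
        return {
            "sessions": len(sessions),
            "total_seconds": sum(s.duration_seconds() for s in sessions),
            "bytes_total": sum(s.bytes_sent + s.bytes_received for s in sessions),
            "services": set().union(*(s.services for s in sessions)),
            "ips": sorted({s.ip for s in sessions}),
        }

    def over_quota(self, username: str, byte_limit: int) -> bool:
        return self.usage_report(username)["bytes_total"] > byte_limit

    def flag_privilege_abuse(self, allowed: Dict[str, Set[str]]) -> List[Tuple[str, str]]:
        """Return (user, service) pairs where a session used a service the user is not authorized for."""
        flags: List[Tuple[str, str]] = []
        for s in self.closed:
            for svc in sorted(s.services - allowed.get(s.username, set())):
                flags.append((s.username, svc))
        return flags


def build_sample_ledger() -> Accounting:
    """Constructed sample data: two sessions for alice and one for bob."""
    acct = Accounting()
    acct.start("s1", "alice", "10.0.0.5", datetime(2024, 1, 8, 9, 0))
    acct.record("s1", url="https://intranet.example/portal", service="vpn", sent=1_000, received=5_000)
    acct.stop("s1", datetime(2024, 1, 8, 9, 30))
    acct.start("s2", "alice", "10.0.0.5", datetime(2024, 1, 8, 10, 0))
    acct.record("s2", url="https://files.example/share/q1", service="file-share", received=2_000_000)
    acct.stop("s2", datetime(2024, 1, 8, 10, 10))
    acct.start("s3", "bob", "10.0.0.9", datetime(2024, 1, 8, 11, 0))
    acct.record("s3", service="vpn", sent=200, received=800)
    acct.record("s3", url="https://payroll.example/export", service="payroll", received=50_000)
    acct.stop("s3", datetime(2024, 1, 8, 11, 5))
    return acct


if __name__ == "__main__":
    ledger = build_sample_ledger()
    print(ledger.usage_report("alice"))
    print(ledger.flag_privilege_abuse({"alice": {"vpn", "file-share"}, "bob": {"vpn"}}))
```

The abuse check compares the accounting record against the authorization data, which is why the two functions belong in the same framework: without the ledger there is nothing to audit, and without the permission sets there is nothing to audit against.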

👉 Types of AAA Protocols