CompTia Security+: 1.2.3 Authentication, Authorization and Accounting




The AAA framework—Authentication, Authorization and Accounting—is a foundational security model in IT environments, and it's essential for the CompTIA Security+ exam. Here’s a detailed breakdown of each component:




1. Authentication:

Authentication is the process of verifying the identity of a user, system, or device attempting to access a network or resource. It answers the question: Who are you?

Types of Authentication:

  • Single-Factor Authentication (SFA): Relies on one method of identity verification, like a password or PIN.
  • Multi-Factor Authentication (MFA): Requires two or more forms of verification, typically a combination of:
    • Something you know: Password, PIN.
    • Something you have: Token, smart card.
    • Something you are: Biometric data (fingerprints, retina scans).
  • Strong Authentication: Requires additional steps or factors to ensure the identity is correct beyond just a password.

Protocols Common in Authentication:

  • RADIUS (Remote Authentication Dial-In User Service): Used for centralized authentication, especially for network devices. RADIUS uses a shared secret for encryption but does not encrypt the entire session.
  • TACACS+ (Terminal Access Controller Access-Control System Plus): Provides more detailed control over authentication and can separate authentication, authorization, and accounting functions.
  • Kerberos: An authentication protocol that uses tickets and timestamps to allow secure authentication over insecure networks. Kerberos uses symmetric key cryptography.

Authentication Methods:

  • Username/Password: Common but susceptible to attacks such as brute force or credential stuffing.
  • Digital Certificates: Uses public-key infrastructure (PKI) to authenticate users or devices via certificates.
  • Biometrics: Increasingly used in environments that require high security, biometrics include fingerprints, retina scans, voice recognition, etc.



2. Authorization:

Authorization follows authentication and determines what resources the authenticated user can access. It answers the question: What are you allowed to do?

Principle of Least Privilege:

  • The least privilege principle states that users should only have the minimum level of access required to perform their job. This reduces the risk of accidental or malicious misuse of access.

Access Control Models:

  • Discretionary Access Control (DAC): In DAC, the owner of the resource decides who gets access.
  • Mandatory Access Control (MAC): Access is determined by a centralized authority, often based on classification levels (e.g., Top Secret, Confidential).
  • Role-Based Access Control (RBAC): Access is determined by the user's role in the organization. It simplifies management by assigning permissions based on roles rather than individuals.
  • Attribute-Based Access Control (ABAC): Access is granted based on attributes like user roles, time of access, or other contextual factors.

Authorization Techniques:

  • ACLs (Access Control Lists): Lists of permissions associated with objects, specifying who can access the object and the level of access (read, write, execute, etc.).
  • OAuth 2.0: Often used for web applications, it allows third-party services to exchange information securely without sharing credentials.
  • SAML (Security Assertion Markup Language): Used in Single Sign-On (SSO) systems to facilitate the exchange of authentication and authorization information between service providers and identity providers.



3. Accounting:

Accounting, also known as auditing, tracks user activities and resource access. It answers the question: What did you do?

Purpose of Accounting:

  • Auditing and Monitoring: Logs of user activity help track access and can be used to detect suspicious behavior, investigate incidents, or comply with regulatory requirements.
  • Forensics: Logs can provide a trail of evidence in the event of a security breach or unauthorized access.
  • Compliance: Many regulatory frameworks (e.g., HIPAA, PCI-DSS) require detailed accounting and auditing of user actions.

Types of Information Collected:

  • Login and Logout Times: Who logged in and out, and at what times?
  • Accessed Resources: What files, directories, or systems were accessed?
  • Changes Made: What modifications were made to files, settings, or system configurations?
  • Commands Executed: Especially in a server environment, keeping track of commands helps monitor administrative actions.

Accounting Technologies:

  • Syslog: A standard for message logging, especially in Unix-like systems. It's used to store logs centrally for review and auditing.
  • SNMP (Simple Network Management Protocol): Often used for collecting network usage data and device monitoring.
  • AAA Servers: Systems like RADIUS and TACACS+ often handle accounting in addition to authentication and authorization.



Integration of AAA:

In a typical network environment, the AAA framework operates together to enforce security:

  • Authentication: Ensures the person logging in is who they claim to be.
  • Authorization: Limits what they can do after they are authenticated.
  • Accounting: Monitors and logs everything they do, providing an audit trail.

For example, a user may log in via a VPN using multi-factor authentication (authentication). Once authenticated, the user can access only certain network drives based on their role in the organization (authorization). The system logs the time the user logged in, what resources they accessed, and when they logged out (accounting).




Relevance to the CompTIA Security+ Exam:

  • The AAA framework is fundamental to understanding network security, access control, and auditing in the CompTIA Security+ exam.
  • The exam expects you to understand how these components work together and how to implement them using different technologies like RADIUS, TACACS+, and ACLs.
  • You should be familiar with common threats to each part of the framework, such as password attacks (for authentication) or privilege escalation (for authorization), and how to mitigate those threats.

By mastering the AAA framework, you'll be well-prepared to tackle access control, network security, and auditing questions on the Security+ exam.




Post a Comment

Previous Post Next Post