This chapter covers the following topics:
Introduction to AAA: This section introduces you to the importance of AAA.
Authentication: This section focuses on the various factors of authentication, the need for MFA, as well as passwords and password policies.
Authorization: This section explores the need for authorization.
Accounting: This section explores the need for accounting.
RADIUS: This section examines the need for RADIUS and provides some sample use cases.
To provide confidentiality, integrity, and availability, you must be able to granularly control access to all resources and ensure that the access controls are upheld at all times. If the access controls ever break down, legitimate or non-legitimate users, applications, or services will have access to resources they should not have access to.
To provide an access management solution that maintains the appropriate levels of confidentiality, integrity, and availability, you must consider the AAA framework, which outlines the best practices you need to consider when it comes to authentication, authorization, and accounting.
This chapter introduces the AAA framework. It first focuses on authentication, MFA, and password policies. It then moves on to covering authorization, followed by accounting. It wraps up by examining an AAA service known as RADIUS.
This chapter covers information related to the following Cisco Certified Support Technician (CCST) Cybersecurity exam objective:
1.3. Explain access management principles.
“Do I Know This Already?” Quiz
The “Do I Know This Already?” quiz allows you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read the entire chapter. Table 3-1 lists the major headings in this chapter and their corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Review Questions.”
Table 3-1 “Do I Know This Already?” Section-to-Question Mapping
| Foundation Topics Section | Questions |
|---|---|
| Introduction to AAA | 1 |
| Authentication | 2 |
| Authorization | 3 |
| Accounting | 4 |
| RADIUS | 5 |
1. Which of the following correctly defines AAA?
   a. A client/server protocol used for authentication, authorization, and accounting
   b. The process of verifying that someone or something is in fact truly who they say they are
   c. A framework that helps build the controls needed to access computing resources, enforce policies, and audit usage
   d. A type of MFA that encourages three factors

2. Which of the following correctly defines authentication?
   a. The process of adopting the least-privilege principle, the need-to-know principle, and the implicit-deny principle
   b. The process of granting privileges and controlling what a user is able to do
   c. The process of monitoring, recording, and auditing everything in an organization
   d. The process of verifying that someone or something is in fact truly who they say they are

3. Which of the following correctly defines authorization?
   a. The process of monitoring, recording, and auditing everything in an organization
   b. The process of granting privileges and controlling what a user is able to do
   c. The process of verifying that someone or something is in fact truly who they say they are
   d. The process of collecting, consolidating, and correlating log files

4. Which of the following correctly defines accounting?
   a. The process of using biometrics to allow access to a system
   b. The process of verifying that someone or something is in fact truly who they say they are
   c. The process of granting privileges and controlling what a user is able to do
   d. The process of monitoring, recording, and auditing everything in an organization

5. What is RADIUS?
   a. A client/server protocol used for accounting only
   b. A client/server protocol used for authentication only
   c. A client/server protocol used for authentication and authorization only
   d. A client/server protocol used for authentication, authorization, and accounting