What is AAA (Authentication, Authorization & Accounting)?

Feb 06, 2022 / Kron

Digital transformation and internet technologies, which gained particular momentum with the global pandemic outbreak, have made our lives easier while also bringing new, more complex systems. The internet of things (IoT) is one of the leading technologies to regulate this heavy traffic, caused by the widespread use of mobile systems and newly introduced forms of remote working via remote connection systems. While it is easy to respond to customer demands with IoT, especially in sectors such as banking, telecommunications, finance and insurance, where subscription transactions may be intense, it is also necessary to manage, control and record this intense network traffic to keep it safe. AAA (Authentication, Authorization, Accounting) brings a new layer of protection to network security, letting you securely access, authorize and monitor devices and all resources connected to a network.

What is AAA?

AAA consists of three components that make access to a network more secure. These three components, Authentication, Authorization, and Accounting (activity monitoring/charging), are referred to as AAA for short. AAA is an effective network controller: it lets an authorized user connect over the network by proving their credentials when accessing computer resources, determines what they are authorized to do, and tracks and records all activity during access. What the AAA components do can be summarized as follows:

  • Authentication: Also called ID verification, this is the first step in accessing the network. At this stage, the login to the network is authorized by verifying the user's credentials and password against the database. Each business is free to create its own system for validating credentials and for encryption. For example, a telecommunications company might verify access to the network by a company executive during customer acquisition transactions, while in a banking transaction, a remote POS device can be validated. Hashing algorithms make the login process safer when proving that a person or device is authorized to access the system. Authentication can take two forms: server-based or local AAA validation. Server-based authentication is used where there are many routers; for logins requiring a username and password, the entered information is sent as a packet to the server where AAA is active. If the comparison confirms the information, the packet returns positive and the login becomes active. Local authentication is used on smaller networks; here, user information is authenticated against the router's database.
  • Authorization: This means validation/confirmation of a login attempt. After the user accesses the system, the authorization stage begins, defining the resources that the user can access and the operations they can perform. For example, business-specific authorizations such as guest login, member login and manager login are defined, and users are grouped according to these authorizations. A user can be in more than one authorization group. In other words, a user with more than one authorization has access to the resources/systems they have been granted permission to access. User authorizations can be changed at any time by the administrator.
  • Accounting: This refers to pricing, activity monitoring, accounting transactions or calculation. This is the stage where all transactions are tracked and recorded. Users connected to the system can be monitored in real time, as well as via access log records. The date and time of every user activity are recorded. For example, in a remote working system, the number of times employees log in to the system, the length of time they remain active, and all their transactions are tracked, and their working efficiency and wages are calculated. These data are also used to obtain statistics, to measure and evaluate, or to validate the approach when there is an issue.

What is the importance of the AAA Framework in Network Security?

Especially considering today's remote working systems and the increase in the number of online customers, it has become more difficult to maintain control over the heavy traffic and complex transactions on the network. AAA functions as a controlling and regulating mechanism that monitors logins to and logouts from the system, who can access what in a complex structure, and all transactions performed. AAA regulates access both on the network and on the devices used. With a simultaneous monitoring system, it responds to potential network safety issues caused by hackers wishing to infiltrate the system, as well as by faulty transactions or malicious internal actors. With AAA, one of the important steps in network security, corporate assets, customer information and other data are kept safe.

What are the Advantages of AAA?

The main advantages of the AAA framework, which enables intelligent management of network security in accessing computer resources, are:

  • It improves the scalability of the network and provides flexibility.
  • It contributes to the establishment of a standard in network protocols.
  • Oversight of network accesses simplifies the management of processes.
  • RADIUS authorizes access of each user based on their credentials.

AAA Protocol Types

RADIUS and TACACS+ are the most widely used AAA protocols. The biggest difference between the two is that TACACS+ executes the authentication and authorization processes separately, while RADIUS offers a combined approach.

RADIUS is short for Remote Authentication Dial-In User Service. It is a client/server protocol used for authenticating users who access the network remotely. Passwords are always encrypted in the RADIUS protocol. It uses UDP (User Datagram Protocol 1654 and 1812 connections) for transmission of data. The RADIUS server, which runs at the application and transport layers, answers a client-side request in one of three ways. If the user does not authenticate, an Access-Reject response is transmitted. When the server requests a second password from the user, it sends an Access-Challenge to the user. When the RADIUS server verification process is completed, the response is Access-Accept.
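The password protection and the three replies described above can be seen at the packet level. The following is an added example, not code from the original article or from any Kron product; it follows the packet layout and User-Password hiding defined in RFC 2865, and the shared secret, user name and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Reply codes from RFC 2865; these are the three answers described above.
CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
USER_NAME, USER_PASSWORD = 1, 2  # attribute type numbers

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR 16-byte blocks with a chained MD5 keystream."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: regenerate the same keystream from the shared secret."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def access_request(ident: int, request_auth: bytes, user: bytes,
                   password: bytes, secret: bytes) -> bytes:
    """Code 1 packet: header, Request Authenticator, then type-length-value attributes."""
    hidden = hide_password(password, secret, request_auth)
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v
                     for t, v in ((USER_NAME, user), (USER_PASSWORD, hidden)))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + request_auth + attrs

def make_reply(code: int, ident: int, request_auth: bytes, secret: bytes) -> bytes:
    """Constructed server reply with no attributes, signed per RFC 2865 section 3."""
    header = struct.pack("!BBH", code, ident, 20)
    return header + hashlib.md5(header + request_auth + secret).digest()

def check_reply(packet: bytes, ident: int, request_auth: bytes, secret: bytes) -> str:
    """Client side: reject replies whose identifier or Response Authenticator is wrong."""
    code, rid, length = struct.unpack("!BBH", packet[:4])
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    if rid != ident or length != len(packet) or not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("reply failed verification")
    return CODES.get(code, "unexpected code %d" % code)
```

Only the User-Password attribute is hidden; the user name and the rest of the packet travel in clear, and the hiding is only as strong as the shared secret between the client and the server.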

TACACS+ (Terminal Access Controller Access-Control System Plus) provides central authentication of remote access to a network, system or device. It is an AAA protocol developed by Cisco. The server transmits one of several responses. If the Accept response is received, access is confirmed. Error refers to an error with the login, which requires a re-login, while the Reject response is generated when the user is not authenticated or fails the authentication step. When a second authentication step is requested, the answer is Continue.

Make AAA Processes Safer and Easier with Marta AAA

Marta AAA can be used by the telecommunications industry, internet service providers and the finance industry, and its state-of-the-art security features make it possible to manage AAA processes more dynamically and easily. Using the AAA RADIUS protocol, Marta AAA can verify the ID of millions of users in seconds with its strong and sustainable infrastructure. With customizable AAA functions, it allows flexible use by various telecommunication, ISP and service providers according to specific requirements. On the back-end, compatibility with wired and wireless 802.1X solutions is seamless. Kron Marta AAA supports flexible authentication methods such as AAA, PAP/CHAP, EAP, LDAP, RDBMS, LENA NoSQL based authentication and 802.1x port authentication. Offering a high level of performance in complex profiling, Marta AAA makes things easy and safe by customizing your business's AAA processes.

To ensure your network security easily and effectively, meet with Marta AAA now, and if you need any assistance, feel free to contact us for more detailed information.
