18.2. AAA

AAA is an acronym for authentication, authorization, and accounting. Many NAC vendors use this terminology and concept. In most cases, the term is used for the first two As in AAA: the process of validating that users are who they say they are, and then determining what level of access each user gets on the network, based on his or her credentials as well as other pieces of information, such as role in the organization. The three As are:

  • Authentication: Collecting some sort of identifying credential and verifying that information so that you can confirm, unequivocally, who the user is. Most NAC implementations support a variety of authentication mechanisms, ranging from user name and password to digital certificates and one-time passwords.

  • Authorization: Determining what level of access a user can have on the network (or, more generally, which policies apply to that user) as a result of several factors. The result of authentication is usually one input to the authorization that a user ends up with, but other authorization factors in many NAC implementations include endpoint integrity and attributes assigned to the user in the corporate directory (such as role or group).

  • Accounting: Tracking what the user has done on the network. NAC solutions are generally equipped with granular logging capabilities that allow your organization to keep records of data and application access. These records can help you audit and perform other compliance tasks, or investigate network events after they ...
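
The three As applied to a single connection attempt, as an added example that is not from the book or from any NAC product. The directory contents, the role names, the access levels ("full", "restricted", "quarantine", "deny") and every function name are assumptions made for illustration, and accounting here covers only the admission decision.

```python
import hashlib, hmac, json, os, time

DIRECTORY = {}        # constructed corporate directory: user -> salt, hash, role
ACCOUNTING_LOG = []   # accounting records, one JSON line per admission decision
# Hypothetical policy: directory role -> access level on the network.
ROLE_ACCESS = {"engineering": "full", "contractor": "restricted"}

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def enroll(user, password, role):
    salt = os.urandom(16)
    DIRECTORY[user] = {"salt": salt, "hash": pw_hash(password, salt), "role": role}

def authenticate(user, password):
    """Authentication: verify the presented credential against the directory."""
    entry = DIRECTORY.get(user)
    if entry is None:
        pw_hash(password, b"\0" * 16)   # do the same work for unknown users
        return False
    return hmac.compare_digest(pw_hash(password, entry["salt"]), entry["hash"])

def authorize(user, authenticated, endpoint_compliant):
    """Authorization: combine identity, endpoint integrity and directory role."""
    if not authenticated:
        return "deny"
    if not endpoint_compliant:
        return "quarantine"             # valid user, but the endpoint failed its check
    return ROLE_ACCESS.get(DIRECTORY[user]["role"], "deny")  # unknown role: no access

def admit(user, password, endpoint_compliant):
    """Run the three As for one connection attempt and return the access level."""
    ok = authenticate(user, password)
    access = authorize(user, ok, endpoint_compliant)
    # Accounting: record who asked, what was checked and what was granted.
    ACCOUNTING_LOG.append(json.dumps({
        "ts": int(time.time()), "user": user, "authenticated": ok,
        "endpoint_compliant": endpoint_compliant, "access": access}))
    return access

# Constructed sample users (not real accounts).
enroll("alice", "correct horse battery", "engineering")
enroll("bob", "example-passphrase", "contractor")

if __name__ == "__main__":
    for attempt in [("alice", "correct horse battery", True),
                    ("alice", "correct horse battery", False),
                    ("bob", "example-passphrase", True),
                    ("mallory", "guess", True)]:
        print(attempt[0], "->", admit(*attempt))
    print("\n".join(ACCOUNTING_LOG))
```

Failed and quarantined attempts are logged along with successful ones, so the accounting record can be used for audits and for reviewing events afterward.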
