Authentication, Authorization, and Accountability (AAA)
Authentication
Verifying the identity of a user or system.
- Goal: Confirm that an entity is who or what it claims to be.
- Techniques:
  - Passwords, PINs
  - Biometric verification (e.g., fingerprint, facial recognition)
  - Token-based authentication (e.g., OTPs, smart cards)
  - Certificate-based authentication
- Example: Logging into an online banking system using a username and password.
Authorization
Granting or denying permission to access resources based on identity and access rights.
- Goal: Ensure users can only perform actions or access data they are allowed to.
- Techniques:
  - Access control lists (ACLs)
  - Role-Based Access Control (RBAC)
  - Policy-Based Access Control (PBAC)
- Example: A customer can view their own bank account details but cannot access another customer’s account.
Accountability (or Auditing)
Tracking and recording user activities and ensuring actions are attributable to specific entities.
- Goal: Provide traceability, detect anomalies, and ensure compliance.
- Techniques:
  - Logging and monitoring user activities
  - Security Information and Event Management (SIEM) systems
  - Audit trails and reports
- Example: Recording all admin actions on a database to detect and investigate unauthorized changes.
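The three pillars above fit together in a single small service. The following is an added example (not code from the original page) built around the page's own bank-account scenario: password authentication with a salted hash, owner-only authorization, and an audit trail that records every attempt, allowed or denied. The users, passwords, account numbers and balances are constructed sample data.

```python
# Added illustration (not from the page): the three AAA functions around
# the page's bank-account scenario. Users, passwords and accounts are
# constructed sample data.
import hashlib
import hmac
import secrets
from datetime import datetime, timezone

def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so stored credentials are not reversible if leaked.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

USERS = {}
for _name, _pw in (("alice", "correct horse"), ("bob", "battery staple")):
    _salt = secrets.token_bytes(16)
    USERS[_name] = {"salt": _salt, "hash": _hash_password(_pw, _salt)}

ACCOUNTS = {"ACC-1001": {"owner": "alice", "balance": 250.0},
            "ACC-1002": {"owner": "bob", "balance": 90.0}}

AUDIT_LOG = []  # accountability: one record per attempted action

def audit(actor, action, resource, outcome):
    AUDIT_LOG.append({"ts": datetime.now(timezone.utc).isoformat(),
                      "actor": actor, "action": action,
                      "resource": resource, "outcome": outcome})

def authenticate(username, password):
    """Authentication: verify the claimed identity with a constant-time compare."""
    rec = USERS.get(username)
    if rec is None:
        _hash_password(password, b"\x00" * 16)  # same cost for unknown users
        audit(username, "login", "-", "denied")
        return False
    ok = hmac.compare_digest(_hash_password(password, rec["salt"]), rec["hash"])
    audit(username, "login", "-", "ok" if ok else "denied")
    return ok

def view_account(username, account_id):
    """Authorization: only the owner may read the account; every attempt is audited."""
    acct = ACCOUNTS.get(account_id)
    if acct is None or acct["owner"] != username:
        audit(username, "view", account_id, "denied")
        return None
    audit(username, "view", account_id, "ok")
    return acct["balance"]
```

Denied reads and failed logins land in `AUDIT_LOG` with the same shape as successful ones, which is what lets a reviewer later spot a user repeatedly probing accounts that are not theirs.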