What Do You Mean By AAA Security? — Tech-Wire

Krishnakumar Karancherry
7 min read · Sep 27, 2022

Welcome to the second article in the Information Security series. Today’s topic is the AAA Security (Triple-A) principle. This is an important topic that you should not miss, so stay with us.

The AAA we mean is not the thin battery in your TV or air-conditioner remote. AAA (pronounced “triple A”) is a security framework named after its three main services: Authentication, Authorization, and Accounting. AAA is an essential concept for protecting your organization’s information systems.

In simple words, the AAA framework checks and authenticates the identity of the subject attempting to access a resource (object). If authenticated, it next checks the access policy to verify whether that subject is authorized to access the requested object or not. In all cases, the entire process is monitored and audited, so that the subject (or user) can be held accountable for its actions.

This is the AAA Security concept in brief. Now, let’s discuss it in some detail.

To learn about the differences between subject and object, and the relation between both, refer to the previous article Introduction to Information Security.

What are the components of AAA?

The Identification process is the first step, which occurs when a subject attempts to access an object (data, a computer, or a network resource). It requires the subject to present an identity. The identity could be a username, a fingerprint, a smart card, an IP address, or a process (program) ID.

The identity presented by the subject is just a claim. Anybody can type any username, spoof a MAC or IP address, or steal a smart card. So this claimed identity must be verified before the subject is granted the requested access to the object. This verification process is called Authentication.

In simpler words, Authentication is the process of verifying that you really are who you claim to be. The most common authentication method is password authentication: after typing a username, the user is prompted for a “secret” password, and the system compares it with what it has stored for that user. A well-built system never stores the password itself. It stores a salted, deliberately slow hash (PBKDF2, bcrypt or Argon2, for example) and compares the hash of the submitted password against the stored one, so that a stolen user database does not directly give up the passwords.

Password authentication is an example of what we call “Something you know”. Other authentication mechanisms are “Something you have” (like smart cards and tokens) and “Something you are” (like fingerprints and face recognition). Combining two of these is what multi-factor authentication means. More about these authentication types will be discussed in detail in a later article.

Authorization

After successful authentication, one might assume that the subject is simply granted the requested access. It is not: access is granted only if the subject has the right to perform that operation on that object, and anything not explicitly allowed should be denied (default deny). This decision is called Authorization. Authorization can be based on file and directory permissions (in Windows, UNIX and Linux), on SELinux security contexts (in Linux), or on a mix of both permissions and security contexts.

Auditing

From the moment a subject identifies itself, even before it proves that identity by authenticating, the system begins to audit (record or log) the subject’s actions. Auditing can therefore be defined as the process of logging or recording subject activities and access attempts to objects, whether successful or not; the failed attempts are often the more interesting ones. Audit records are usually written to local log files and/or forwarded to a centralized log server (for example over syslog), so that an attacker who compromises the host cannot simply erase the evidence.

Accountability

Accountability is the guarantee that subjects are answerable (responsible) for their actions. It depends on both Authentication and Auditing: authentication establishes who the subject is, and the audit trail provides the evidence that this specific subject performed a given activity and is therefore accountable for it. This only works if identities are not shared; a log entry for a shared “admin” account proves nothing about which person acted. Together, auditing and accountability are what the third A, Accounting, delivers.
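The five components above are steps of one procedure, so here is the whole flow in one place: identification (the username), authentication against salted PBKDF2 hashes with a constant-time comparison, default-deny authorization from a policy table, and an audit trail that records every attempt so that each action can be attributed to an authenticated subject. This is an added example written for this article, not code from the original post; the user table, passwords, policy entries and object names are all constructed for illustration.

```python
"""Minimal AAA flow: identify -> authenticate -> authorize -> audit.

Added example; the users, passwords and policy below are constructed.
"""
import hashlib
import hmac
import os
from datetime import datetime, timezone

ITERATIONS = 100_000  # slow hash: makes offline guessing expensive


def make_record(password: str) -> dict:
    """Store only a random salt and the PBKDF2 hash, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


# Constructed user store; the plaintext passwords exist here only to build records.
USERS = {
    "alice": make_record("correct horse battery staple"),
    "bob": make_record("hunter2"),
}

# Constructed authorization policy: (subject, object) -> permitted operations.
# Any pair or operation not listed is denied (default deny).
POLICY = {
    ("alice", "/srv/payroll.db"): {"read", "write"},
    ("bob", "/srv/payroll.db"): {"read"},
}

AUDIT_LOG = []  # in practice: local file plus a remote syslog collector


def audit(subject, event, obj=None, outcome=None):
    """Every attempt is recorded, successful or not, tied to the claimed identity."""
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "subject": subject, "event": event, "object": obj, "outcome": outcome,
    })


def authenticate(username: str, password: str) -> bool:
    """Verify the claimed identity; the username alone is only a claim."""
    rec = USERS.get(username)
    if rec is None:
        # Hash anyway so an unknown user costs as much time as a wrong password
        # (otherwise response time leaks which usernames exist).
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, ITERATIONS)
        audit(username, "authn", outcome="fail:unknown-user")
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], ITERATIONS)
    ok = hmac.compare_digest(digest, rec["hash"])  # constant-time comparison
    audit(username, "authn", outcome="success" if ok else "fail:bad-password")
    return ok


def authorize(subject: str, obj: str, op: str) -> bool:
    """Default deny: only an explicit policy entry grants the operation."""
    ok = op in POLICY.get((subject, obj), set())
    audit(subject, "authz", obj, f"{op}:{'permit' if ok else 'deny'}")
    return ok


def access(username: str, password: str, obj: str, op: str) -> bool:
    """Full AAA flow; True only when both authentication and authorization pass."""
    if not authenticate(username, password):
        return False
    return authorize(username, obj, op)


def attempts_by(subject: str) -> list:
    """Accountability: the audit trail lets us attribute actions to one subject."""
    return [e for e in AUDIT_LOG if e["subject"] == subject]


if __name__ == "__main__":
    print(access("bob", "hunter2", "/srv/payroll.db", "write"))   # denied by policy
    for entry in attempts_by("bob"):
        print(entry)
```

Note that the failed authorization for bob still produces two audit records (a successful authentication and a denied write); that is exactly the evidence accountability needs when someone later asks who tried to modify the payroll database.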

Technical Implementations of AAA

There are two main protocols that implement the AAA services in computer networks: RADIUS and TACACS+.

RADIUS

The Remote Authentication Dial-In User Service, or RADIUS (RFC 2865 for authentication and authorization, RFC 2866 for accounting), is a network protocol for controlling access to networks. A network access server (a VPN concentrator, a Wi-Fi controller, or a switch doing 802.1X) acts as the RADIUS client and forwards the user’s credentials over UDP (ports 1812 and 1813) to the RADIUS server, which holds or consults a single database of user accounts.

RADIUS authenticates the user and answers with Access-Accept or Access-Reject. Authorization travels in the same Access-Accept as attributes describing the service the user is allowed (a session timeout, a VLAN assignment, or a framed IP address, for example). Once access is granted, the accounting phase starts.

The RADIUS client then sends Accounting-Request messages, and the server records information about the session: the username, when the user logged in and out, the IP address assigned, and how much traffic was transferred. One caveat worth knowing: RADIUS hides only the User-Password attribute (with MD5 and the shared secret); every other attribute, including the username, travels in clear text, so RADIUS traffic belongs on a protected management network or inside RadSec (RADIUS over TLS).
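To make the exchange concrete, here is an Access-Request/Access-Accept round trip built by hand from the RFC 2865 packet layout: the client hides the password with the MD5 chain keyed by the shared secret and the random Request Authenticator, the server recovers it, authenticates, and returns the authorization attribute (Session-Timeout) in the same reply, and the client accepts that reply only if the Response Authenticator binds it to its request. This is an added example, not code from the article or from any RADIUS implementation; the shared secret, user, NAS address and user store are constructed, and nothing is sent on the network.

```python
"""RADIUS (RFC 2865) Access-Request / Access-Accept exchange, encoded by hand.

Added example; secret, user store and NAS address are constructed values.
"""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, SESSION_TIMEOUT = 1, 2, 4, 27


def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks; c1 = p1 ^ MD5(S+RA), cn = pn ^ MD5(S+c(n-1))."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        b = hashlib.md5(secret + prev).digest()
        c = bytes(x ^ y for x, y in zip(padded[i:i + 16], b))
        out, prev = out + c, c
    return out


def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Inverse of hide_password: the pad for block n comes from ciphertext block n-1."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        b = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], b))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def attr(t: int, value: bytes) -> bytes:
    """Attribute = Type(1) Length(1, includes header) Value."""
    return struct.pack("!BB", t, 2 + len(value)) + value


def parse_attrs(data: bytes) -> dict:
    attrs, i = {}, 0
    while i < len(data):
        t, ln = struct.unpack("!BB", data[i:i + 2])
        if ln < 2 or i + ln > len(data):
            raise ValueError("malformed attribute")
        attrs[t] = data[i + 2:i + ln]
        i += ln
    return attrs


def build_packet(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    """Packet = Code(1) Identifier(1) Length(2) Authenticator(16) Attributes."""
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs


def response_authenticator(code, ident, length, req_auth, attrs, secret):
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    return hashlib.md5(struct.pack("!BBH", code, ident, length) + req_auth + attrs + secret).digest()


def access_request(username: str, password: str, secret: bytes, ident: int) -> bytes:
    req_auth = os.urandom(16)  # Request Authenticator: 16 random, unpredictable bytes
    attrs = (attr(USER_NAME, username.encode())
             + attr(USER_PASSWORD, hide_password(password.encode(), secret, req_auth))
             + attr(NAS_IP_ADDRESS, bytes([192, 0, 2, 10])))  # constructed NAS address
    return build_packet(ACCESS_REQUEST, ident, req_auth, attrs)


def server_handle(packet: bytes, secret: bytes, users: dict) -> bytes:
    """Authenticate, then carry the authorization attributes in the same reply."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    req_auth, attrs = packet[4:20], parse_attrs(packet[20:length])
    user = attrs[USER_NAME].decode()
    password = reveal_password(attrs[USER_PASSWORD], secret, req_auth)
    # The constructed store holds plaintext for brevity; a real server verifies
    # against salted hashes or an external directory.
    accept = user in users and hmac.compare_digest(users[user].encode(), password)
    reply_attrs = attr(SESSION_TIMEOUT, struct.pack("!I", 3600)) if accept else b""
    code = ACCESS_ACCEPT if accept else ACCESS_REJECT
    resp_auth = response_authenticator(code, ident, 20 + len(reply_attrs),
                                       req_auth, reply_attrs, secret)
    return build_packet(code, ident, resp_auth, reply_attrs)


def client_verify(reply: bytes, request: bytes, secret: bytes) -> int:
    """Return the reply code only if the Response Authenticator ties it to our request."""
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if ident != request[1]:
        raise ValueError("identifier mismatch")
    expected = response_authenticator(code, ident, length, request[4:20],
                                      reply[20:length], secret)
    if not hmac.compare_digest(reply[4:20], expected):
        raise ValueError("bad Response Authenticator: forged reply or wrong secret")
    return code
```

The Response Authenticator check is the only thing stopping an on-path attacker from turning a Reject into an Accept, and it rests entirely on MD5 and the shared secret; that is the weakness behind the advice to keep RADIUS on a management network or inside RadSec.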

TACACS+

The Terminal Access Controller Access-Control System Plus, or TACACS+ (documented in RFC 8907), is a network protocol used to manage and provide access control to network devices (switches, routers, firewalls, and IPS appliances). It runs over TCP port 49.

The TACACS+ server provides AAA services to its clients (the network devices). Unlike RADIUS, it handles the three A’s as separate exchanges: it authenticates the administrator, then authorizes each action separately, which lets it control what privilege level a user gets, the maximum session duration, and, command by command, which commands the user is allowed to execute.

It also collects information for auditing and accounting purposes, such as the username, session start and stop times, and every command executed. TACACS+ obfuscates the entire packet body with the shared secret, not just the password, but the scheme is MD5-based, so it should still be confined to a protected management network.
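The two points that distinguish TACACS+ from RADIUS, whole-body obfuscation and per-command authorization, are easiest to see in the packets themselves. The block below frames a TACACS+ authorization request per RFC 8907 (12-byte header, MD5 pseudo-pad chained over session id, key, version and sequence number, and the argument layout of the authorization REQUEST body), then evaluates the reconstructed command line against a per-user policy. This is an added example written for this article, not code from the post or from any TACACS+ server; the key, session id, user, port, remote address and policy are constructed, and nothing is sent on the wire.

```python
"""TACACS+ (RFC 8907) framing, body obfuscation and per-command authorization.

Added example; key, session id, user and policy below are constructed values.
"""
import hashlib
import re
import struct

VERSION = 0xC0             # major version 0xC, minor version 0
TYPE_AUTHOR = 0x02         # packet type: authorization
FLAG_UNENCRYPTED = 0x01    # only for debugging, never in production
HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, body length


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """RFC 8907 4.5: MD5_1 = MD5(session_id|key|version|seq_no),
    MD5_n = MD5(session_id|key|version|seq_no|MD5_{n-1}); pad = MD5_1|MD5_2|... truncated."""
    base = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(base + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR the whole body with the pseudo-pad; the same call de-obfuscates."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def packet(ptype: int, seq_no: int, session_id: int, key: bytes, body: bytes) -> bytes:
    hdr = HEADER.pack(VERSION, ptype, seq_no, 0, session_id, len(body))
    return hdr + obfuscate(body, session_id, key, VERSION, seq_no)


def unpack(pkt: bytes, key: bytes) -> bytes:
    """Return the clear body; a wrong key simply yields garbage, not an error."""
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack(pkt[:HEADER.size])
    body = pkt[HEADER.size:HEADER.size + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return body if flags & FLAG_UNENCRYPTED else obfuscate(body, session_id, key, version, seq_no)


def author_request_body(user: str, port: str, rem_addr: str, args: list) -> bytes:
    """Authorization REQUEST body (RFC 8907 6.1). args are 'attr=value' strings,
    e.g. 'service=shell', 'cmd=show', 'cmd-arg=running-config' ('=' marks mandatory)."""
    authen_method, priv_lvl, authen_type, authen_service = 0x06, 1, 0x01, 0x01
    # 0x06 = TACACSPLUS, authen_type 0x01 = ASCII, authen_service 0x01 = LOGIN
    enc = [a.encode() for a in args]
    body = struct.pack("!8B", authen_method, priv_lvl, authen_type, authen_service,
                       len(user), len(port), len(rem_addr), len(enc))
    body += bytes(len(a) for a in enc)          # arg_1_len ... arg_N_len
    return body + user.encode() + port.encode() + rem_addr.encode() + b"".join(enc)


def parse_author_request(body: bytes) -> dict:
    f = struct.unpack("!8B", body[:8])
    user_len, port_len, rem_len, arg_cnt = f[4:]
    arg_lens = list(body[8:8 + arg_cnt])
    i, fields = 8 + arg_cnt, []
    for n in (user_len, port_len, rem_len, *arg_lens):
        fields.append(body[i:i + n].decode())
        i += n
    return {"priv_lvl": f[1], "user": fields[0], "port": fields[1],
            "rem_addr": fields[2], "args": fields[3:]}


# Constructed per-user command policy: regexes over the reconstructed command line.
POLICY = {"netops": [r"^show\b", r"^ping\b"], "admin": [r".*"]}


def authorize_command(req: dict, policy: dict) -> bool:
    """Permit only for service=shell and a command line matching a policy entry."""
    kv = [a.split("=", 1) for a in req["args"] if "=" in a]
    if ["service", "shell"] not in kv:
        return False
    cmd = [v for k, v in kv if k == "cmd"]
    if not cmd:
        return False
    line = " ".join(cmd + [v for k, v in kv if k == "cmd-arg"])
    return any(re.match(p, line) for p in policy.get(req["user"], []))
```

Because the device sends a fresh authorization request for every command, a "netops" user can run `show running-config` but not `reload`, and the server sees and records each attempt; that per-command granularity is why TACACS+ rather than RADIUS is the usual choice for administering network gear.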

Defense in Depth

“Defense in Depth?! What is it? Is it a football tactic?!”

“Oh, that is funny!! But a good point really!! Why don’t we take the analogy from the football tactic?”

The Layered Defense (or Defense in Depth) concept is much like a football match when team A loses the ball. First, the strikers of team A put pressure on the team B defender who has the ball.

The aim of this pressure is to form an early line of defense that makes it difficult for that defender to either move forward or pass the ball to a teammate.

The pressure from team A’s strikers can end in one of three ways: they win the ball and launch a dangerous counterattack, the defender makes a bad pass that a team B player can barely reach, or the defender makes a clean pass to a team B midfielder.

If the defender beats the pressure and passes forward to a midfielder, team A activates its second line of defense, the midfielders, who now press the player with the ball to stop him going any further. If they succeed, fine.

If they fail to win the ball back and team B gets close to team A’s 18-yard box, the last line of defense, the defenders, comes into play.

So, Defense in Depth (or Multi-layered Defense) can be defined as implementing multiple independent security countermeasures (controls or safeguards) in sequence, so that an attacker has to defeat every one of them rather than just one.

Let’s take the football example into the computer and information systems world and see how it applies. Consider an organization’s network that consists of the following components:

  1. First layer: a perimeter (edge) firewall that filters incoming traffic from outside (untrusted) networks. Like most firewalls, it decides based on the source IP address, destination IP address, protocol and destination port.
  2. Second layer: an Intrusion Prevention System (IPS) installed in-line just after the perimeter firewall. It performs deep packet inspection and compares network packets against a list of signatures (rules). If it detects any sign of an attack attempt, it drops the malicious packets and alerts the network security administrators.
  3. Third layer: the organization’s core (backbone) switch, which receives the traffic and decides which VLAN it belongs to. The core switch may contain firewall and IPS modules for further inspection of incoming traffic.
  4. Fourth layer: the target host itself. Each host (server, laptop or PC) should be able to defend itself. Possible host defenses include, but are not limited to: the host operating system’s firewall (such as Windows Defender Firewall, iptables/nftables or firewalld on Linux, and AIX IPsec filtering), anti-malware software with an up-to-date signature database, timely installation of security patches, strong authentication, host IPS (HIPS) software, regular backups, and encryption of critical data.
  5. The last and most important layer: the user, the human being. Staff awareness should be raised through regular and continuous security awareness training, awareness emails and workshops.
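The technical layers in that list are easiest to reason about as a chain of independent checks, each deciding on its own evidence, where the first layer to deny stops the traffic and names itself for the alert. The block below models the perimeter firewall (default-deny address/port rules), the in-line IPS (payload signatures) and the host firewall (only the ports the host actually serves) and runs constructed packets through them in order; the core switch layer is left out because it only repeats the firewall/IPS checks. This is an added example written for this article, not code or configuration from the original post, and the rules, signatures, addresses and packets are all constructed for illustration.

```python
"""Defense in depth as a chain of independent controls evaluated in sequence.

Added example; rules, signatures, addresses and packets are constructed.
A packet is a dict with keys src, dst, proto, dport, payload.
"""
import ipaddress
import re

# Layer 1: perimeter firewall. Tuples of (source network, destination host,
# protocol, destination port); anything that matches no rule is dropped.
FW_RULES = [
    ("203.0.113.0/24", "198.51.100.10", "tcp", 443),   # partner range -> HTTPS
    ("0.0.0.0/0", "198.51.100.10", "tcp", 80),         # anyone -> HTTP (too broad)
]


def perimeter_firewall(p: dict) -> bool:
    src = ipaddress.ip_address(p["src"])
    return any(src in ipaddress.ip_network(net) and p["dst"] == dst
               and p["proto"] == proto and p["dport"] == port
               for net, dst, proto, port in FW_RULES)


# Layer 2: in-line IPS. Signatures run over the payload, independent of
# whatever the firewall decided about addresses and ports.
IPS_SIGNATURES = {
    "path-traversal": re.compile(rb"\.\./\.\./"),
    "shellshock": re.compile(rb"\(\)\s*\{\s*:;\s*\};"),
}


def ips(p: dict) -> list:
    """Return the names of all signatures that match; empty list means clean."""
    return [name for name, rx in IPS_SIGNATURES.items() if rx.search(p["payload"])]


# Layer 4: host firewall. The host trusts neither the perimeter nor the IPS
# and only accepts the ports it really serves.
HOST_PORTS = {"198.51.100.10": {"tcp": {443}}}


def host_firewall(p: dict) -> bool:
    return p["dport"] in HOST_PORTS.get(p["dst"], {}).get(p["proto"], set())


def inspect(p: dict) -> tuple:
    """Evaluate the layers in order. Returns ('allow', None) or ('deny', layer)."""
    if not perimeter_firewall(p):
        return "deny", "perimeter-firewall"
    hits = ips(p)
    if hits:
        return "deny", "ips:" + ",".join(hits)
    if not host_firewall(p):
        return "deny", "host-firewall"
    return "allow", None


if __name__ == "__main__":
    probe = {"src": "192.0.2.9", "dst": "198.51.100.10", "proto": "tcp",
             "dport": 80, "payload": b"GET /../../etc/passwd HTTP/1.1"}
    print(inspect(probe))   # the over-broad HTTP rule lets it in; the IPS stops it
```

The constructed second firewall rule is deliberately too permissive: a hostile packet on port 80 gets through the perimeter, the IPS catches the obvious one, and a quiet one that carries no known signature is still dropped by the host firewall because the host never offered port 80. That is the whole argument for layering: no single layer has to be right.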

“Wow, with all these security countermeasures implemented, the organization’s information system must be very secure.”

Not to be discouraging, but an important principle of security is that nothing is 100% secure. All of the above safeguards can be bypassed if a careless employee opens a suspicious email attachment (carrying a virus or other malware) from an unknown sender, or if the physical security of the organization’s premises is breached.

Multi-layered Defense in Physical Security

Another example is the physical security of a building. Armed security guards stand at the building entrances. The entrance itself may be a strong iron gate that is difficult to pass or break through.

An authorized person (such as an employee) must use an access card or fingerprint to enter the building. Cameras throughout the building record everything on a 24×7 basis.

Motion detectors should also be installed in restricted areas to detect suspicious movement and raise an alert. Access control readers should exist at the entry points of each floor. Mantraps with different access methods (one door opened by an access card and the other by a fingerprint) can also be placed before a person is allowed into a restricted area.

A clean desk policy should be in place to stop employees leaving important documents on their desks. Old or obsolete documents should never be thrown carelessly in the trash; they should be destroyed with a paper shredder.

The power of a multi-layered defense strategy is that if one layer of security is compromised, the next layer will mitigate the threat and stop it, or at least detect it and warn the responsible security staff so that they can take action to stop it.

If that second layer is also beaten, the next line of defense in the sequence will hopefully stop, quarantine, slow down or detect the attack. So a series of defenses is implemented to make sure that if one countermeasure is penetrated, the next is ready to defend, and so on.

In the next article, we are going to talk about Due Care and Due Diligence.

Another interesting topic that is worth waiting for. So, stay tuned.

Originally published at https://tech-wire.in on September 27, 2022.
