Differentiate authentication, authorization, and accounting concepts

Authentication, Authorization, and Accounting (AAA) is an architectural framework for controlling access to computer resources, enforcing policies, auditing usage, and providing the information required for billing of services and other processes essential to network management and security. It is mainly used so that network and software application resources are accessible to specific, legitimate users. Two widely accepted AAA protocols are RADIUS and TACACS+.

Authentication

Authentication is the process of verifying the identity of a user who requests access to the network, typically by checking credentials such as a username and password. A user must be authenticated before authorization is applied.

Authorization

To perform certain tasks or issue commands on the network, the user must be authorized. Authorization determines the extent of access to the network and which services and resources are accessible to the authenticated user. Authorization is the method of enforcing policies.

Accounting

In this stage, the usage of system resources by the user is measured: login time, data sent, data received, and logout time. Accounting is carried out by logging session statistics and usage information, which are used for authorization control, billing, and resource utilization.

RADIUS and TACACS+

The main differences between RADIUS and TACACS+ are tabulated below.

| RADIUS | TACACS+ |
| --- | --- |
| RADIUS uses UDP as Transport Layer Protocol | TACACS+ uses TCP as Transport Layer Protocol |
| RADIUS uses UDP ports 1812 and 1813 / 1645 and 1646 | TACACS+ uses TCP port 49 |
| RADIUS encrypts passwords only | TACACS+ encrypts the entire communication |
| RADIUS combines authentication and authorization | TACACS+ treats authentication, authorization, and accounting separately |
| RADIUS is an open protocol supported by multiple vendors | |
| RADIUS is a light-weight protocol consuming less resources | |
| RADIUS is limited to privilege mode | TACACS+ supports 15 privilege levels |
| Mainly used for Network Access | Mainly used for Device Administration |
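
The table entry "RADIUS encrypts passwords only" can be seen at the byte level. The following is an added example, not code from the original page: it builds a minimal Access-Request using the User-Password hiding scheme of RFC 2865 section 5.2, so the user name stays readable while only the password attribute is masked with MD5 of the shared secret. The user name, password, shared secret and authenticator are constructed sample values, and the function names are this example's own.

```python
import hashlib
import struct

# Constructed sample values for this example (not from any real deployment).
SECRET = b"constructed-shared-secret"
AUTHENTICATOR = bytes(range(16))  # normally 16 unpredictable random bytes

def hide_password(password, secret, authenticator):
    """Mask a User-Password value as described in RFC 2865 section 5.2."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1 to 128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += prev  # each masked block seeds the next mask
    return hidden

def reveal_password(hidden, secret, authenticator):
    """Server side: undo the masking with the same shared secret."""
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = hidden[i:i + 16]
        clear += bytes(c ^ m for c, m in zip(prev, mask))
    return clear.rstrip(b"\x00")

def attribute(attr_type, value):
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def access_request(identifier, user, password, secret, authenticator):
    """Build a minimal Access-Request (code 1): User-Name (1), User-Password (2)."""
    attrs = attribute(1, user)  # sent as-is, readable on the wire
    attrs += attribute(2, hide_password(password, secret, authenticator))
    header = struct.pack("!BBH", 1, identifier, 20 + len(attrs))
    return header + authenticator + attrs

if __name__ == "__main__":
    packet = access_request(7, b"alice", b"correct horse", SECRET, AUTHENTICATOR)
    print(packet.hex())
    print("user name visible:", b"alice" in packet)
    print("password visible:", b"correct horse" in packet)
```

Everything outside attribute 2, including the user name, is readable by anyone who can observe the traffic, which is the contrast the table draws with TACACS+.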

Pros & Cons

The Pros:

  1. AAA framework increases the scalability of a network: Scalability is the property of a system to handle a growing amount of work by adding resources to the system.
  2. It increases flexibility and gives better control of the network.
  3. It helps maintain standard protocols in the network.
  4. RADIUS allows for unique credentials for each user.
  5. IT admins have a central point for user and system authentication.

The Cons:

  1. On RADIUS servers, configuration and initial setup can be complicated and time-consuming.
  2. It is hard to determine which RADIUS server software and implementation model is best for your organization.
  3. Maintenance can be difficult and time-consuming for on-prem hardware.