Security Terminology

Many of the terms presented in the other chapters of this book are familiar or easily interpreted
from the context. This chapter’s terms differ slightly because they might not be as familiar.
Treat this list as a high-level introduction to these security components, but realize that more
detail will be provided throughout the chapter:
Authentication
The authentication function answers the fundamental question: Who is the
user? By performing this function, you ensure that unwanted intruders will be denied access to
the network while other users will be permitted. The user’s identity can then be used to determine
access permissions and to provide an audit trail of activity.
Authorization
The authorization function often works in concert with authentication. It provides
a means for defining which network services will be available to the authenticated user.
Accounting
Accounting is an optional function in AAA; however, it is responsible for the
auditing process, which can greatly enhance the security of the network. Accounting can also
log the activities of the user, including the time that they start and stop their connection.
RADIUS
Remote Access Dial-In User Service (RADIUS) is a protocol that is used to communicate
between the remote access device and an authentication server. Sometimes an authentication
server running RADIUS will be called a RADIUS server.
TACACS+
Enhanced Terminal Access Controller Access Control System (TACACS+) is a protocol
similar to RADIUS. Sometimes the server is called a T-plus or T+ server.
Security server
A security server runs the protocol—TACACS+ or RADIUS—that is used to
provide AAA services. It should be secured and redundant, especially if it provides business-critical
access control. CiscoSecure is Cisco’s version of this type of server and is available on Windows NT
and Unix.