Authentication, Authorization, and Accounting

Regarded as distinct elements, authentication, authorization, and accounting (AAA) all work cooperatively
to establish and enforce a security model. This model is the result of a
security policy
, which
should define an overall set of standards that will be used by the organization to secure and protect
its assets. This policy can include definitions of access rights that will be assigned to different groups
and the protocols that will be used for various functions. For example, one policy statement might
include that TACACS
+
is the sole protocol used and that SSH, a secure tool used for administration,
is preferred over Telnet.

It is important to understand how authentication, authorization, and accounting work
together to promote and support a security model. In this chapter, you will learn about how
AAA works, as well as how AAA functions in Cisco’s router access modes. AAA services are
the basic tenet of Cisco remote access solutions, and, although their presentation has been left
to the end of the book, you should find that the Physical and Network layers supplement these
concepts well. This includes physical security, the use of access lists, static or authenticated IP
routing, and other security techniques.