Read: Class 08 RADIUS Authentication - VascoLucas01/networking-reading-notes GitHub Wiki

Introduction

This Read covers the AAA framework and what it does, RADIUS authentication, and Defense in Depth.

AAA framework

AAA stands for Authentication, Authorization and Accounting. It is a fundamental security framework for controlling a user's access to a network, determining access levels or user privileges based on policies and user identity, and keeping track of the user's activities.

[image]

The figure below shows the "Big Picture" of how the AAA framework works.

[image]

ACS vs. NAS

ACS and NAS are both types of network devices that are used in the context of AAA (Authentication, Authorization, and Accounting) to control access to network resources.

ACS stands for Access Control Server, which is a centralized server that is used to manage user authentication and authorization for network devices. ACS typically works by communicating with network devices, such as routers and switches, to determine whether a user should be granted access to specific network resources.

NAS stands for Network Access Server, which is a network device that is used to provide access to network resources. NAS devices typically work by authenticating users through a centralized authentication server, such as an ACS. Once a user is authenticated, the NAS device can then authorize access to specific network resources based on the user's permissions.

In the context of AAA, ACS and NAS work together to control access to network resources. ACS is responsible for managing user authentication and authorization, while NAS is responsible for providing access to network resources based on the user's permissions.

Questions

  • Explain each of the three A’s as you would to a non-technical family member. Use an analogy or a story.

-> Authentication is like renewing your citizen card. Just as you must prove your identity there, a computer system needs to confirm your identity before letting you access sensitive information.

-> Authorization is like going to a football stadium. Just as your ticket is checked before you are allowed into your box, a computer system needs to confirm that you have permission to access specific network resources.

-> Accounting is like when you go to the supermarket. Just like you keep track of your purchases to make sure you're not overspending, a computer system needs to keep track of who is accessing what resources and for how long.

  • What should the administrator do if the ACS server fails to authenticate a user during AAA implementation?

The following steps can be taken:

  1. Check the authentication settings

  2. Check network connectivity

  3. Check the user's account status

  4. Check logs

  • What is the role of the NAS in the AAA implementation using an ACS server? Use a diagram.

The NAS is a device that provides access to network resources and communicates with an ACS (Access Control Server) to authenticate users and enforce security policies.

[image]

RADIUS

RADIUS (Remote Authentication Dial-In User Service) is a network protocol that provides centralized authentication, authorization, and accounting (AAA) services for network devices. It is a client/server protocol and system that enables a server to authenticate dial-in users, authorize their access to the network, and keep track of their activities.

[image]

The figure above shows the "Big Picture" of the RADIUS architecture and how the protocol works.

The word "Remote" in RADIUS is misleading:

  • RADIUS is not only for remote users, as its name suggests; it can also be used for local users;
  • Local users can connect over a wireless or a wired connection.

Let's see the figure below:

[image]

  1. UserID: Vasco; Password: egnsduv
  2. Authentication Request
  3. Compares with the user database
  4. Authentication ACK
  5. Records in Accounting Database
  6. Approval to laptop
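The six-step exchange in the figure, as an added example that is not part of the original notes: a pure-Python model of the NAS and the RADIUS server exchanging an Access-Request and an Access-Accept/Reject laid out per RFC 2865, with the User-Password attribute hidden by the MD5-based XOR keyed from the shared secret and the Request Authenticator, and the NAS checking the Response Authenticator before approving the laptop. The shared secret, the user database entry and the accounting list are constructed for the example.

```python
import hashlib, os, struct

SECRET = b"constructed-shared-secret"   # constructed: secret shared by NAS and server
USER_DB = {"Vasco": "egnsduv"}          # the user database from the figure (step 3)
ACCOUNTING_LOG = []                     # stands in for the accounting database (step 5)

def transform_password(data, secret, req_auth, hide):
    """RFC 2865 User-Password hiding: XOR each 16-byte block with MD5(secret + previous block)."""
    out, prev = b"", req_auth           # the first block is keyed by the Request Authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, key))
        prev = res if hide else block   # chaining always uses the hidden (on-the-wire) block
        out += res
    return out

def attr(kind, value):
    return struct.pack("!BB", kind, len(value) + 2) + value   # Type, Length, Value

def parse_attrs(data):
    attrs, i = {}, 0
    while i < len(data):
        kind, length = data[i], data[i + 1]
        attrs[kind] = data[i + 2:i + length]
        i += length
    return attrs

def build_access_request(ident, user, pw, secret):
    req_auth = os.urandom(16)           # random Request Authenticator, also keys the hiding
    padded = pw.encode() + b"\x00" * (-len(pw.encode()) % 16)
    attrs = attr(1, user.encode()) + attr(2, transform_password(padded, secret, req_auth, True))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs   # Code 1

def server_handle(packet, secret):
    _, ident, length = struct.unpack("!BBH", packet[:4])
    req_auth, attrs = packet[4:20], parse_attrs(packet[20:length])
    user = attrs[1].decode()
    pw = transform_password(attrs[2], secret, req_auth, False).rstrip(b"\x00").decode("utf-8", "replace")
    ok = USER_DB.get(user) == pw
    ACCOUNTING_LOG.append((user, "Access-Accept" if ok else "Access-Reject"))
    header = struct.pack("!BBH", 2 if ok else 3, ident, 20)     # Code 2 accept, 3 reject
    return header + hashlib.md5(header + req_auth + secret).digest()   # Response Authenticator

def nas_login(user, pw, secret=SECRET, ident=7):
    request = build_access_request(ident, user, pw, secret)     # step 2: Authentication Request
    response = server_handle(request, secret)                   # steps 3-5 on the server
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    if response[1] != ident or response[4:20] != expected:
        raise ValueError("Response Authenticator mismatch: reply was not made with our secret")
    return response[0] == 2                                     # step 6: approval to the laptop
```

Only the User-Password attribute is hidden this way; the User-Name and the rest of the packet travel in the clear, which is why the shared secret and the Response Authenticator check are what tie a reply to the server that holds the user database.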

What is Defense in Depth?

Defense in Depth is an approach to cybersecurity in which a series of defensive mechanisms are layered in order to protect valuable data and information.

It relies on the military principle that it is far more difficult for an adversary to overcome a complex, multi-layered security framework than to infiltrate a single barrier. Defense inside, outside, and in between limits the likelihood that intruders will succeed.

A well-structured methodology of this sort can likewise help executives and security teams discover users who attempt to compromise a device, server, security system, or other barrier.

With Defense in Depth, security layers would include threat detection, antivirus software, firewalls, anti-spyware programs, complex passwords, multi-factor authentication (MFA), and biometric authentication.

Questions

  • What are the benefits of using RADIUS for authentication and authorization?

Centralized management: RADIUS provides centralized management of authentication and authorization for network devices. This means that administrators can manage user accounts and access policies from a single location, making it easier to ensure consistent security across the network.

Scalability: RADIUS is highly scalable and can handle authentication and authorization requests from a large number of devices and users. This makes it suitable for use in large enterprise networks with many users and devices.

Secure: RADIUS uses strong encryption to protect sensitive user information during authentication and authorization. It also provides secure communication between the authentication server and the NAS device, ensuring that user credentials are not transmitted in plaintext over the network.

Flexibility: RADIUS supports a wide range of authentication and authorization methods, including username and password, digital certificates, and biometric authentication. This allows organizations to choose the authentication method that best suits their security needs and infrastructure.

Auditing and reporting: RADIUS provides detailed logging and auditing capabilities, allowing administrators to monitor and analyze authentication and authorization activity on the network. This can help identify security threats and ensure compliance with regulatory requirements.

  • What is RADIUS and what does it stand for?

RADIUS stands for Remote Authentication Dial-In User Service. It is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) for users who connect and access network resources via remote access servers such as VPN servers or wireless access points.

RADIUS allows organizations to authenticate and authorize remote users before granting them access to network resources. It also provides a way to track and log user activity for accounting and auditing purposes.

  • Research: What encryption algorithms does RADIUS use?

"The RADIUS server runs on TLS and can be configured to authenticate users with EAP-TLS, EAP-TTLS-PAP, or PEAP-MSCHAPv2.", by https://www.cloudradius.com/radius-authentication-how-it-works/
