Authentication, authorization, and accounting (AAA) is a framework, or security principle, built on the concepts of identification, authentication, authorization, auditing, and accounting. Following this framework leads to a more effective security design.
Identification uniquely identifies the authenticating entity, for example, using a unique username or user ID number.
Authentication is the process by which the requesting entity proves the identity it claims. For example, a subject supplies a username and then the password associated with it; knowledge of the password is the evidence that the subject is the claimed identity.
Authorization is the process of determining what an authenticated entity is allowed to do: whether the user has permission to perform a given operation on a given object. For example, the system checks that the user has write permission on a file before it allows the user to change that file.
Auditing is the process of tracking the actions of an entity throughout the system and recording them through mechanisms such as logging. Auditing supports accountability only if the logs are reliably created, stored, and protected, so that they show what each uniquely identified entity did on the system.
Applying these security principles is recommended when planning the implementation of this DVD.
A specific example is to ensure that the Ubuntu OS requires every user and service to be uniquely identified and authenticated. Privileges should be defined for each type of account or role, and the OS should be configured to audit the actions of users and services. Ideally, logs are forwarded to a central solution such as a security information and event management (SIEM) system, which provides secure centralized storage and added benefits such as event correlation. The IEEE 802.1X standard provides port-based network access control for devices connecting over Ethernet. Implementing 802.1X is recommended for devices connecting to the LAN, such as IP cameras, where the device supports it.
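The following script is an added example (not configuration from the original document) of the "uniquely identified and authenticated" check above, run against constructed /etc/passwd and /etc/shadow content rather than a live host. It flags shared UIDs, extra UID-0 accounts, passwordless logins, and service accounts that are not locked or still have an interactive shell, and it emits the auditd rules that record changes to the identity files. The account names, placeholder hashes and the UID 1000 boundary (Ubuntu's default UID_MIN) are assumptions.

```python
"""Account hygiene audit for an Ubuntu host: every user and service must map
to exactly one account, and service accounts must not be able to log in.
Added example with constructed passwd/shadow data, not from the original page."""

from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample data.  On a real host read /etc/passwd and /etc/shadow
# (the latter requires root).  Hashes are placeholders, not real hashes.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:second uid-0 account:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup:x:1000:1000:shares alice's uid:/home/backup:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
camera-ingest:x:900:900:IP camera ingest service:/var/lib/camera:/bin/bash
"""

SAMPLE_SHADOW = """\
root:$6$placeholder$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
toor:$6$placeholder$hash:19000:0:99999:7:::
alice:$6$placeholder$hash:19000:0:99999:7:::
backup:$6$placeholder$hash:19000:0:99999:7:::
bob::19000:0:99999:7:::
camera-ingest:$6$placeholder$hash:19000:0:99999:7:::
"""

# Ubuntu's default UID_MIN in /etc/login.defs is 1000; lower non-zero UIDs are
# system/service accounts.  Assumption: adjust if your site uses another range.
SYSTEM_UID_MAX = 999
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


class PasswdEntry(NamedTuple):
    name: str
    passwd: str
    uid: int
    gid: int
    shell: str


def parse_passwd(text: str) -> List[PasswdEntry]:
    """Parse passwd(5) lines: name:passwd:uid:gid:gecos:home:shell."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) != 7:
            raise ValueError(f"malformed passwd line: {line!r}")
        entries.append(PasswdEntry(f[0], f[1], int(f[2]), int(f[3]), f[6]))
    return entries


def parse_shadow(text: str) -> Dict[str, str]:
    """Map account name to the password hash field of shadow(5) lines."""
    hashes = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        f = line.split(":")
        if len(f) < 2:
            raise ValueError(f"malformed shadow line: {line!r}")
        hashes[f[0]] = f[1]
    return hashes


def audit_accounts(passwd_text: str, shadow_text: str) -> List[Tuple[str, str]]:
    """Return (finding, account) pairs for identification/authentication weaknesses."""
    entries = parse_passwd(passwd_text)
    hashes = parse_shadow(shadow_text)
    by_uid, by_name = defaultdict(list), defaultdict(int)
    for e in entries:
        by_uid[e.uid].append(e.name)
        by_name[e.name] += 1

    findings = []
    for e in entries:
        # Identification: each entity must have exactly one account and UID.
        if len(by_uid[e.uid]) > 1:
            findings.append(("duplicate-uid", e.name))
        if by_name[e.name] > 1:
            findings.append(("duplicate-name", e.name))
        if e.uid == 0 and e.name != "root":
            findings.append(("uid-0-not-root", e.name))
        # Authentication: no passwordless logins, hashes kept only in shadow.
        if e.passwd != "x":
            findings.append(("password-not-shadowed", e.name))
        h = hashes.get(e.name)
        if h is None:
            findings.append(("missing-shadow-entry", e.name))
        elif h == "":
            findings.append(("empty-password", e.name))
        # Service accounts: locked ('!' or '*' hash) and no interactive shell.
        if 0 < e.uid <= SYSTEM_UID_MAX:
            if e.shell not in NOLOGIN_SHELLS:
                findings.append(("service-interactive-shell", e.name))
            if h is not None and not h.startswith(("!", "*")):
                findings.append(("service-not-locked", e.name))
    return findings


def auditd_identity_rules() -> List[str]:
    """audit.rules lines that log every write to the identity database."""
    return [f"-w {path} -p wa -k identity" for path in
            ("/etc/passwd", "/etc/shadow", "/etc/group", "/etc/sudoers", "/etc/sudoers.d/")]


if __name__ == "__main__":
    for check, account in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{check:26} {account}")
    print("\n".join(auditd_identity_rules()))
```

The root account is reported under duplicate-uid alongside toor because the check is symmetric: any UID shared by two accounts breaks accountability for both, since audit records carry the UID rather than the name. Put the rules from auditd_identity_rules() in a file under /etc/audit/rules.d/ and forward the audit log to the SIEM along with syslog.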
At a high level, IEEE 802.1X supports the AAA framework by identifying, authenticating, and then authorizing a device before it is allowed onto the Local Area Network (LAN). In an 802.1X deployment the switch port (the authenticator) relays the connecting device's credentials to an authentication server, and RADIUS is the protocol commonly used between the authenticator and that server, so RADIUS supports both 802.1X and the AAA framework. RADIUS also supports the logging of important events, such as connection requests. Open source and commercial implementations of RADIUS are available to support this functionality. Organizations can also investigate Diameter, the successor protocol to RADIUS, which was designed to address several of its security and reliability limitations.
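The exchange described above, as an added example that is not code from the original document or from any RADIUS product: the authenticator (switch) builds an Access-Request carrying the device's identity and hidden password, the server authenticates it, logs the connection request, and answers Access-Accept or Access-Reject, and the authenticator verifies the Response Authenticator before trusting the answer. Packet layout, User-Password hiding and the Response Authenticator follow RFC 2865; the shared secret, username, NAS port and MAC address are constructed. PAP is used so the whole flow fits in one file; real 802.1X carries EAP inside RADIUS instead, and because the hiding below rests on MD5, current practice is to run RADIUS over TLS or IPsec rather than rely on it.

```python
"""RADIUS (RFC 2865) Access-Request / Access-Accept exchange between an
802.1X authenticator and an authentication server.  Added example, not the
original page's code; all names and secrets are constructed."""

import hashlib
import hmac
import os
import struct
from typing import Dict, List, Tuple

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_PORT, CALLING_STATION_ID = 1, 2, 5, 31
HEADER = struct.Struct("!BBH")  # Code, Identifier, Length; then 16-byte Authenticator


def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks and XOR each block with
    MD5(secret + previous block), seeded with the Request Authenticator."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ b for p, b in zip(padded[i:i + 16], pad))
        out, prev = out + block, block
    return out


def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Inverse of hide_password; the server strips the zero padding."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        out, prev = out + bytes(c ^ b for c, b in zip(block, pad)), block
    return out.rstrip(b"\x00")


def encode_attrs(attrs: List[Tuple[int, bytes]]) -> bytes:
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data: bytes) -> List[Tuple[int, bytes]]:
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute")
        attrs.append((data[i], data[i + 2:i + data[i + 1]]))
        i += data[i + 1]
    return attrs


def build_packet(code: int, ident: int, authenticator: bytes, attrs) -> bytes:
    body = encode_attrs(attrs)
    return HEADER.pack(code, ident, 20 + len(body)) + authenticator + body


def parse_packet(pkt: bytes):
    if len(pkt) < 20:
        raise ValueError("short packet")
    code, ident, length = HEADER.unpack(pkt[:4])
    if length != len(pkt):
        raise ValueError("length field does not match packet")
    return code, ident, pkt[4:20], decode_attrs(pkt[20:])


def response_authenticator(code, ident, req_auth, attrs_bytes, secret) -> bytes:
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    head = HEADER.pack(code, ident, 20 + len(attrs_bytes))
    return hashlib.md5(head + req_auth + attrs_bytes + secret).digest()


# ---- Authenticator (switch) side ----
def authenticator_build_request(ident, username, password, secret, nas_port, mac, req_auth=None):
    req_auth = req_auth or os.urandom(16)  # fresh per request; seeds the password hiding
    attrs = [(USER_NAME, username),
             (USER_PASSWORD, hide_password(password, secret, req_auth)),
             (NAS_PORT, struct.pack("!I", nas_port)),
             (CALLING_STATION_ID, mac)]
    return build_packet(ACCESS_REQUEST, ident, req_auth, attrs), req_auth


def authenticator_check_response(resp: bytes, req_auth: bytes, secret: bytes) -> bool:
    """Only a peer holding the shared secret can produce a valid Response Authenticator."""
    code, ident, auth, attrs = parse_packet(resp)
    expected = response_authenticator(code, ident, req_auth, encode_attrs(attrs), secret)
    if not hmac.compare_digest(auth, expected):
        raise ValueError("bad Response Authenticator: wrong shared secret or forged reply")
    return code == ACCESS_ACCEPT


# ---- Authentication server side ----
def server_handle(pkt: bytes, secret: bytes, users: Dict[bytes, bytes], log: List[str]) -> bytes:
    code, ident, req_auth, attrs = parse_packet(pkt)
    if code != ACCESS_REQUEST:
        raise ValueError("expected Access-Request")
    a = dict(attrs)
    user = a.get(USER_NAME, b"")
    supplied = reveal_password(a.get(USER_PASSWORD, b""), secret, req_auth)
    stored = users.get(user)
    ok = stored is not None and hmac.compare_digest(stored, supplied)
    port = struct.unpack("!I", a[NAS_PORT])[0] if NAS_PORT in a else None
    # The accounting/audit side of AAA: every connection request is recorded.
    log.append(f"Access-Request id={ident} user={user.decode(errors='replace')} port={port} "
               f"station={a.get(CALLING_STATION_ID, b'').decode(errors='replace')} "
               f"result={'Access-Accept' if ok else 'Access-Reject'}")
    resp_code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    return build_packet(resp_code, ident, response_authenticator(resp_code, ident, req_auth, b"", secret), [])


def run_exchange(username, password, secret, users, log, req_auth=None) -> bool:
    """Drive one request/response through both sides; True means the device is admitted to the LAN."""
    req, req_auth = authenticator_build_request(1, username, password, secret, 3, b"AA-BB-CC-DD-EE-FF", req_auth)
    return authenticator_check_response(server_handle(req, secret, users, log), req_auth, secret)


if __name__ == "__main__":
    log, users = [], {b"cam01": b"correct horse"}
    print(run_exchange(b"cam01", b"correct horse", b"sharedsecret", users, log))
    print(run_exchange(b"cam01", b"wrong", b"sharedsecret", users, log))
    print("\n".join(log))
```

The log lines written by server_handle are the events a SIEM would correlate: a burst of Access-Reject entries for one Calling-Station-Id on one NAS port is the signature of a device guessing credentials at the edge of the network.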