Thursday, May 17, 2012

AAA (Authentication, Authorization, Accounting)

Basically, the skeleton of a Network Security Architecture comprises three main components: Authentication, Authorization and Accounting. Together these three functions answer three core questions about the user: Who are you? (Authentication), What can you do/access? (Authorization) and What did you do, for how long and how often? (Accounting).

By answering these questions, the system can identify and validate the users of its services and keep a log of their activities.

Each component can be implemented with various technologies. In Authentication, devices such as token cards or one-time passwords can be used to match valid users. Ageing passwords or static passwords can also be assigned to users or created by users, which would of course increase usability but result in a weaker form of authentication. An example of one-time passwords in use: a list of one-time passwords is generated by a hash function and sent to the user over the network, and the workstation accepts each password for one day only.
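One way to build the one-time password list described above, as an added example that is not code from the original post. It assumes a Lamport-style hash chain with SHA-256 (the post only says "a hash function"); the names `make_otp_list` and `DailyOtpVerifier` and the seed value are hypothetical.

```python
import hashlib
import hmac


def h(value: bytes) -> bytes:
    """One application of the hash function (SHA-256 is an assumption)."""
    return hashlib.sha256(value).digest()


def make_otp_list(seed: bytes, days: int) -> tuple[list[bytes], bytes]:
    """Return (passwords in the order they are used, anchor for the verifier).

    chain[i] is h applied i times to the seed. The anchor is chain[days];
    day 1 uses chain[days-1], day 2 uses chain[days-2], and so on, so seeing
    today's password does not reveal any later one.
    """
    chain = [seed]
    for _ in range(days):
        chain.append(h(chain[-1]))
    return chain[-2::-1], chain[-1]


class DailyOtpVerifier:
    """Workstation side: stores only the anchor, never the seed or the list."""

    def __init__(self, anchor: bytes, days: int):
        self.anchor = anchor
        self.days = days

    def check(self, password: bytes, day: int) -> bool:
        """Accept a password only on its own day (days are 1-based)."""
        if not 1 <= day <= self.days:
            return False  # the list is exhausted or the day is invalid
        candidate = password
        for _ in range(day):
            candidate = h(candidate)
        # Hashing the day-d password d times must land exactly on the anchor.
        return hmac.compare_digest(candidate, self.anchor)


if __name__ == "__main__":
    # Constructed sample seed; a real seed would come from a CSPRNG.
    otps, anchor = make_otp_list(b"constructed-sample-seed", days=5)
    workstation = DailyOtpVerifier(anchor, days=5)
    print("day 1 password on day 1:", workstation.check(otps[0], 1))
    print("day 1 password on day 2:", workstation.check(otps[0], 2))
```

Because the workstation keeps only the anchor, a copy of its stored value does not yield any valid password.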

Authorization is the function that determines whether a user is allowed to perform certain tasks or use certain applications/programs. Authorization can be determined by restrictions such as physical location, time of day, and multiple entries by the same user. The types of services in Authorization include IP address filtering, encryption, route assignment, bandwidth control, etc.

Finally, Accounting mainly consists of logging users' consumption of network resources, which is required for purposes such as capacity management, trend analysis, cost allocation and billing, as well as recording failures in the Authentication and Authorization components. Accounting can be implemented in batch, where accounting information is saved and delivered at a later time, or in real time, where accounting information is delivered concurrently with the consumption of resources. The information gathered includes the identity of the user, the nature of the service delivered, the time frame of the service and whether there is a status to report.

3 comments:

  1. Hey BJ!

    Nice work you have! By the way, in your first part, under Authentication, you mentioned that ageing passwords or static passwords would increase usability but result in a weaker form of authentication. However, I feel that an ageing password does not increase usability; it rather decreases usability in my opinion, due to the fact that you have to change your password, for example, every three months. If you don't change it, the system will keep bugging you, which does not really prove to increase usability. However, I might be wrong, we might be talking about different usability here hahaha. Correct me if so!

    All in all, good work you have there! If possible, list your references, unless you did it alllll with everything stored in your brain ;)

  2. Hi bj!

    Nice work you have there, although I would rather give my comments to you on MSN now, but it's alright, I will share them here. Your post is good, with a nice explanation of concepts and what the different A's in AAA do.

    Thanks for enlightening me!

  3. Hello, I am Weijie~

    I feel your report is very thorough and it allows me to understand this topic very well. My favourite part of your post would be the introduction which is "Basically, the skeleton of a Network Security Architecture comprises of three main components, Authentication, Authorization and Accounting, as these three functions are able to provide network security with three core questions about the user, namely, Who are you? (Authentication), What can you do/access? (Authorization) and What did you do/ how long/ how often? (Accounting)."

    Keep it up~~
