AAA Security (Not Roadside Assistance)

Authentication Best Practices

  • Authentication

  • Authorization

  • Accounting

  • Identification
    The idea of describing an entity uniquely.

  • authn (for authentication)

  • authz (for authorization)

  • Risk mitigation

  • ILik3P0n1ez99

  • Incorporating good password policies into an organization is key to ensuring that employees are securing their accounts with strong passwords.

  • Length requirements

  • Character complexity

  • Dictionary words

Multifactor Authentication

A system where users are authenticated by presenting multiple pieces of information or objects

  • Something you know = Password/PIN

  • Something you have = ATM / Bank card

  • Something you are = Biometric ID

  • Physical tokens

  • OTP

  • TOTP

  • Time-based token

  • Network Time Protocol (NTP)

  • Counter-based tokens

  • Biometric authentication
    The process of using unique physiological characteristics of an individual to identify them

  • Universal 2nd Factor

  • Security keys

Certificates

In order to issue client certificates, an organization must set up and maintain CA infrastructure to issue and sign certificates

  • Certificate revocation list (CRL)
    A signed list published by the CA which defines certificates that have been explicitly revoked

LDAP

  • Lightweight Directory Access Protocol (LDAP)
    An open, industry-standard protocol for accessing and maintaining directory services

  • Data Information Tree

  • Organizational units (OUs)

  • Distinguished name

  • Bind

  • startTLS

  • Search

  • Add/delete/modify

  • Unbind

RADIUS

  • Remote Authentication Dial-In User Service (RADIUS)
    A protocol that provides AAA services for users on a network

  • Extensible Authentication Protocol

Kerberos

A network authentication protocol that uses "tickets" to allow entities to prove their identity over potentially insecure channels and to provide mutual authentication

  • Authentication server
  • Ticket Granting service

TACACS+

Terminal Access Controller Access-Control System Plus

  • TACACS+ is primarily used for device administration, authentication, authorization, and accounting

Single Sign-On (SSO)

An authentication concept that allows users to authenticate once to be granted access to many different services and applications

  • OpenID

Authorization and Access Control Methods

  • Authorization
    Pertains to describing what the user account has access to, or doesn’t have access to

  • OAuth

Access Control

  • OAuth
    An open standard that allows users to grant third-party websites and applications access to their information without sharing account credentials

  • OAuth permissions can be used in phishing-style attacks to gain access to accounts, without requiring credentials to be compromised

Access Control List (ACL)

A way of defining permissions or authorizations for objects

  • Access Control entries

Tracking Usage and Access

  • Accounting
    Keeping records of what resources and services your users accessed, or what they did when they were using your systems

  • Auditing

  • TACACS+ is a device access AAA system that manages who has access to your network devices and what they do on them.