Page 21 - StudyBook.pdf

General Security Concepts: Access Control, Authentication, and Auditing • Chapter 1  5

                 stand the specific details of these protocols. The AAA requirements themselves can
                 be found in RFC 2989 located at http://tools.ietf.org/html/rfc2989.


                   Head of the Class…
                   Letters, Letters, and More Letters
                   It is important to understand the acronyms used in the Security+ exam.
                   For purposes of the Security+ exam, two specific abbreviations need to be
                   explained to avoid confusion. For general security study and the
                   Security+ exam, AAA is defined as “Access Control, Authentication, and
                   Auditing.” Do not confuse this with Cisco’s implementation and description
                   of AAA, which is “Authentication, Auditing, and Accounting.” While
                   similar in function and usage, the Security+ exam uses the first definition.
                        The second abbreviation requiring clarification is CIA. For purposes
                   of the Security+ exam, CIA is defined as “Confidentiality, Integrity, and
                   Availability.” Other literature and resources such as the Sarbanes-Oxley
                   Act and the Health Insurance Portability and Accountability Act of 1996
                   (HIPAA) guidelines may refer to CIA as “Confidentiality, Integrity, and
                   Authentication.”


                 What is AAA?

                 AAA is a group of processes used to protect the data, equipment, and confidentiality
                 of property and information. As mentioned earlier, one of the goals of AAA
                 is to provide Confidentiality, Integrity, and Availability (CIA). CIA can be briefly
                 described as follows:

                      ■  Confidentiality: The contents or data are not revealed
                      ■  Integrity: The contents or data are intact and have not been modified
                      ■  Availability: The contents or data are accessible if allowed

                    AAA consists of three separate areas that work together. These areas provide a
                 level of basic security in controlling access to resources and equipment in networks.
                 This control allows users to provide services that assist in the CIA process for further
                 protection of systems and assets. Let’s start with basic descriptions of the three
                 areas, and then break each down to explore their uses and the security they provide.
                 Finally, we will work with examples of each AAA component.










                                                                              www.syngress.com