The acronym AAA stands for “Authentication, Authorization, and Accounting”. It defines an architecture which authenticates and grants authorization to users and, and afterwards accounts for their activity. When AAA is not used, the architecture is described as “open”, where anyone can gain access and do anything, without any tracking.
The responsibilities of of each component can be summarized as follows:
- Authentication: Is this a valid user for this system?
- Authorization: What permissions and access does this user have?
- Accounting: What did this user do on the system?
It is possible to incorporate only a portion of AAA in a system. For example, if a company is not concerned about billing users for their network usage, they may decide to both authenticate and authorize users, but ignore user activity and not bother with accounting. Similarly, a monitoring system will look for unusual user activity (accounting), but may cede the authentication and authorization decisions to another part of the network.
What are the benefits of AAA?
AAA ensures the flexibility of network policies and gives administrators the ability to move systems.
AAA has been in common use since the early 1990s for medium to large networks. Generally speaking, small organizations can be managed without an AAA system, particularly where access to the network is largely constrained by physical access. The threshold for needing the flexibility and scalability that AAA provides is usually around 40-50 users.
What are some examples of AAA?
RADIUS is one of a number of Authentication, Authorization, and Accounting protocols. FreeRADIUS is an open source implementation of the RADIUS protocol and is the most popular RADIUS server in the world. Another example of an AAA protocol is Diameter.
Where is AAA used?
Today, the proliferation of mobile devices, diverse network consumers, and varied network access methods combine to create an environment that places greater demands on AAA. AAA has a part to play in almost all the ways we access a network: wireless hotspots use AAA for security; partitioned networks require AAA to enforce access; all forms of remote access use AAA to authorize remote users.
Need more help?
InkBridge Networks has been at the forefront of network security for over two decades, tackling complex challenges across various protocols and infrastructures. Our team of seasoned experts has encountered and solved nearly every conceivable network security issue. If you're looking for insights from the architects behind some of the internet's most foundational authentication systems, you can request a quote for network security solutions here.
Related Articles
Client Case Study: RADIUS AAA Policies
One of our clients with a support contract had performance issues. We tracked this down to inefficient usage of AAA policies. Having tuned the policies the load on our client’s database dropped by a factor of 400 which saved them from an expensive hardware upgrade.
RADIUS AAA
RADIUS is the core of our business. We have world-leading experience with the protocol. We can help you with all aspects of Authentication, Authorization, and Accounting. That isn’t all. Our expertise is with RADIUS systems, not just the basic RADIUS server. This means that we have an extensive background in SQL, LDAP, Active Directory, 802.1X, and any related technology, protocol, or server implementation.