Next up, we have our Triple A servers now triple A server stand for authentication,
authorization and accounting. Now, authentication, authorization and accounting servers are central repositories for user accounts, passwords and permissions. So they allow us to set how we authenticate a user
who someone is making sure they are who they say they are, what they're allowed to go to and then storing what that person has done. Storing user logs, security logs, things like that.
So what is it? What's the difference between authentication, authorization and accounting? Well, authentication is as we've talked about earlier, proving that you are who you say you are. Authentication is in the form of things such as passwords, ideas, badges, things like that. So our authentication is
saying we are who we say we are
like a driver's license.
Your driver's license is a form of authentication.
Next we have authorization. Authorization is what you're allowed to access on the network. Like our permissions.
The difference between authentication and authorization is the difference between going up to the front door of the White House and showing your driver's license and showing your your name on your credit card and showing your phone bill and saying, Hey, I am who I say I am. I can come in right? And they say, No,
Just because you can prove that you are who you say you are does not mean that you have the permissions does not mean that you have the authorization to be there, Doesn't you? Could prove who you are all day long. Doesn't mean that you're going to be able to go anywhere you want. You can prove that you are to who you are to a server
all day long. It doesn't mean that
you're going to be allowed to access this file if it's not yours. So that's the difference between authentication and authorization. And then lastly, we have accounting. So we have our
White House for authorization, and lastly, we have accounting. Accounting is tracking our account use and tracking our accent actions.
So it's going to be the logs that show when we've logged in, how many times we've reset our password? It's going to show things like what we did when we were logged in. What files? We changed, what what websites we tried to go to. An accounting is extremely critical, especially in environments where we need to have
non repudiation. We need to say, if file was changed
where file was deleted or someone brought a virus into our network, we can prove who it waas. And we can only do this with accounting. So the too big the two big components of our triple A in a non repudiation would be authorization and accounting
because we not only need to be able to prove that someone
we need to be able to prove that a certain person did something because they often they authenticated themselves into their account. But we also need to prove that
who did this? We need to be able to prove what account did this action. And we can only do this with accounting. Accounting is where we audit and we log and we track user actions. So we're talking about a triple A we're talking about. We're gonna be talking about our Triple A servers are authentication authorization in accounting servers.
We have our tax plus as well as our radius servers
and our authentication methods. And these are going to be our two main distinctions radius and tak. It's which will get into more description on both of those in just a second. Our Triple A servers, whether it's tak it's cluster radius, are going to provide a central repositories afford our user accounts
and for our passwords, as well as the permissions that those users have
and and also provide a degree of accounting for when they've logged in and what they've done and where they've gone. So we need to understand that these Triple A service this radius in this tax isn't necessary isn't just a isn't necessarily a protocol that we used to authenticate.
We still use other. We so use up
public key infrastructure. We still use V. P N's into our network in order to connect and make an encrypted connection. All our Triple eight Sobers do are providing an authentication and authorization and accounting we still use service is like Cobra Rose
in order to provide in orderto have ticket granting systems,
our radius and our tak, it's simply act as that authorization server that s for portion of the key distribution center in Arco Bro's. So all of this place together, triple A servers are not stand alone in a network environment.
We don't say Oh well, I have radius. In my environment,
that means I don't need I p sec or curb Rose or P K. I Yeah, you actually still need pretty much all of those. So
we need It is important to understand that our Triple A servers, much like our other protocols and much like many other parts of our network, which we've discussed don't work in a vacuum. They work in the integrate with many other portions. So now that we know about, we have gotten our overview of our Triple A service. Let's go ahead and dive in and let's take a look at radius.