Sunday, 20 May 2012

Authentication, Authorization and Accounting (AAA)

Wikipedia: In computer security, AAA commonly stands for authentication, authorization and accounting. It refers to a security architecture for distributed systems, which enables control over which users are allowed access to which services, and how much of the resources they have used.
http://en.wikipedia.org/wiki/AAA_protocol

Search Security: Authentication, authorization, and accounting (AAA) is a term for a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services.
http://searchsecurity.techtarget.com/definition/authentication-authorization-and-accounting

Cisco: Access control is the way you control who is allowed access to the network server and what services they are allowed to use once they have access. Authentication, authorization, and accounting (AAA) network security services provide the primary framework through which you set up access control on your router or access server.
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfaaa.html

In summary, AAA is a framework of security services and protocols that controls access to your network: it decides who may connect, what they may do once connected, and keeps a record of what they did. The work is usually carried out by a dedicated AAA server backed by a database of user records and policies. There are three components to this process, which I will discuss in turn.

Firstly, Authentication.
Authentication is the process of verifying a user's identity from his/her credentials before any authorization takes place. It relies on something that only the legitimate user should be able to present.

For example, a security card, a PIN code, a password, biometrics and so on.

The AAA server compares the presented credentials with the record stored in its database. If there is no matching record, or the credentials do not match the stored ones, access is denied. Otherwise the user is authenticated, and what they are then allowed to do is decided by the next component, Authorization.

Cisco says: Authorization provides the method for remote access control, including one-time authorization or authorization for each service, per-user account list and profile, user group support, and support of IP, IPX, ARA, and Telnet.

Authorization decides what an authenticated user is allowed to do. The decision rests on the information stored in the AAA server: each user (or user group) has a record holding a profile of the services and resources they may use, and the server checks every request against that profile, granting only what the profile allows. A user who has no record, or whose profile does not cover the requested service, is refused even though the authentication step succeeded. This means authorization is only as good as the stored profiles: a user given more rights than the job requires is, by definition, authorized to misuse them.

So once a user is cleared for the system, is the AAA process finished? The answer is no.

Wikipedia has this to say: Real-time accounting refers to accounting information that is delivered concurrently with the consumption of the resources. Batch accounting refers to accounting information that is saved until it is delivered at a later time. Typical information that is gathered in accounting is the identity of the user or other entity, the nature of the service delivered, when the service began, and when it ended, and if there is a status to report.
How then does accounting come into play? Is it even a security measure?

Accounting has a great role to play in AAA, and the AAA server carries it out whenever it is configured to do so. I believe accounting may be the most powerful of the three in this area. Authentication and authorization are the front line of security tasks, but accounting is what allows misuse to be discovered afterwards, which makes it a great deterrent to anybody trying to breach a system protected by AAA.

To do this, the accounting component records information about each user session: who the user was, which service they used, when the session began and ended, and how much time or data was consumed. These session statistics and usage records are designed for authorization control, trend analysis, resource utilization and capacity planning, and they are also what billing and security investigations draw on.

With accounting, administrators can review every action a user took, and so notice when someone is abusing their privileges or threatening the system, for example by planting malicious software. Accounting data also helps administrators tighten their systems: rights can be revoked from a suspicious user, or reduced for a user who does not need that much access. For this to be trustworthy, the records must be kept where the user cannot alter them, on the AAA server rather than on the device the user is logged into.
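The three components described above (the credential check against the server's database, the per-service decision from the stored profile, and the session records that can later be reviewed for abuse) can be put together in a small model of an AAA server. This is an added example and not code from the original post or from any AAA product; the user names, passwords, service names and traffic figures are constructed sample data, and the function names are my own choice.

```python
"""Toy AAA server: authentication against stored credentials, authorization
against a per-user profile, and accounting records that can be analysed later."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, List, Optional

# --- Stored security information: the database behind the AAA server ---
# Constructed sample data for this example; not from the original post.
ITERATIONS = 50_000
_DUMMY_SALT = os.urandom(16)  # used to equalise work for unknown users

def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash so the database never holds plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

@dataclass
class UserRecord:
    salt: bytes
    pw_hash: bytes
    services: frozenset  # authorization profile: services this user may use

USERS: Dict[str, UserRecord] = {}

def enroll(username: str, password: str, services) -> None:
    salt = os.urandom(16)
    USERS[username] = UserRecord(salt, _hash_password(password, salt), frozenset(services))

enroll("alice", "correct horse battery staple", {"telnet", "vpn"})
enroll("bob", "hunter2", {"vpn"})

# --- Authentication: compare presented credentials with the stored record ---
def authenticate(username: str, password: str) -> bool:
    rec = USERS.get(username)
    if rec is None:
        _hash_password(password, _DUMMY_SALT)  # same cost whether or not the user exists
        return False
    # Constant-time comparison: a plain == would leak how many bytes matched.
    return hmac.compare_digest(_hash_password(password, rec.salt), rec.pw_hash)

# --- Authorization: decide per service from the stored profile ---
def authorize(username: str, service: str) -> bool:
    rec = USERS.get(username)
    return rec is not None and service in rec.services

# --- Accounting: who used which service, when, and how much ---
@dataclass
class AccountingRecord:
    username: str
    service: str
    start: float
    stop: Optional[float] = None
    bytes_in: int = 0
    bytes_out: int = 0

    @property
    def duration(self) -> float:
        return (self.stop if self.stop is not None else self.start) - self.start

LEDGER: List[AccountingRecord] = []  # lives on the server, not on the user's device

def start_session(username: str, service: str, now: float) -> AccountingRecord:
    rec = AccountingRecord(username, service, start=now)
    LEDGER.append(rec)
    return rec

def stop_session(rec: AccountingRecord, now: float, bytes_in: int, bytes_out: int) -> None:
    rec.stop, rec.bytes_in, rec.bytes_out = now, bytes_in, bytes_out

# --- The full flow: authenticate, then authorize, then start accounting ---
def access_request(username: str, password: str, service: str, now: float):
    if not authenticate(username, password):
        return "access denied: authentication failed", None
    if not authorize(username, service):
        return f"access denied: {username} is not authorized for {service}", None
    return "access granted", start_session(username, service, now)

# --- Using the accounting data: per-user totals and a simple abuse check ---
def bytes_per_user(ledger: List[AccountingRecord]) -> Dict[str, int]:
    totals: Dict[str, int] = {}
    for r in ledger:
        totals[r.username] = totals.get(r.username, 0) + r.bytes_in + r.bytes_out
    return totals

def heavy_users(ledger: List[AccountingRecord], threshold_bytes: int) -> List[str]:
    """Users whose total traffic exceeds the threshold: candidates for a rights review."""
    return sorted(u for u, b in bytes_per_user(ledger).items() if b > threshold_bytes)

if __name__ == "__main__":
    print(access_request("bob", "hunter2", "telnet", 100.0)[0])  # authorization refuses
    status, session = access_request("alice", "correct horse battery staple", "vpn", 100.0)
    stop_session(session, 160.0, 1_000, 4_000)
    print(status, session.duration, heavy_users(LEDGER, 3_000))
```

Two details matter for the model to be a faithful picture of a real AAA server: the password check does the same amount of hashing work for unknown and known users and compares digests in constant time, so an attacker cannot tell from timing which usernames exist; and the accounting ledger is only written by the server, never by the client, so the records that `heavy_users` reviews are ones the user could not have edited.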

2 comments:

  1. Hello Leong Xudong.
    How are you my friend? I hope you are doing well.
    I would like to say thank you for posting this wonderful post about Authentication, Authorizing and Accounting (AAA). Your post has given me a better understanding of the topic and I feel that your points were very clear. You also stated some examples and that made it even better. Although I have read up on this topic, your post made it more clear and I am very thankful for that. So once again, thanks bro.
