1
00:00:06,690 --> 00:00:10,610
- AAA stands for authentication, authorization,

2
00:00:10,610 --> 00:00:13,420
and accounting. Authentication is the process

3
00:00:13,420 --> 00:00:17,560
of providing the identity of a subject or a user.

4
00:00:17,560 --> 00:00:20,090
Once the subject has identified itself,

5
00:00:20,090 --> 00:00:24,680
the enforcer has to validate the identity, that is, y'know,

6
00:00:24,680 --> 00:00:26,410
to be sure that the subject,

7
00:00:26,410 --> 00:00:30,220
or the user is the one that he claims to be.

8
00:00:30,220 --> 00:00:33,720
This is done by requesting a subject, or a user to

9
00:00:33,720 --> 00:00:37,840
provide something which is unique to the requester.

10
00:00:37,840 --> 00:00:40,290
There are several authentication methods out there.

11
00:00:40,290 --> 00:00:42,480
The first one is authentication by knowledge.

12
00:00:42,480 --> 00:00:45,650
And that's something that the user knows, something

13
00:00:45,650 --> 00:00:47,600
like a password or a PIN.

14
00:00:47,600 --> 00:00:50,070
The next one is authentication by ownership,

15
00:00:50,070 --> 00:00:52,580
which is something that the user owns.

16
00:00:52,580 --> 00:00:57,380
An example of that is a smart card, or a badge, or a token.

17
00:00:57,380 --> 00:00:59,990
And then authentication by characteristics.

18
00:00:59,990 --> 00:01:04,040
And that's actually something that the user is,

19
00:01:04,040 --> 00:01:06,000
or is not, right?

20
00:01:06,000 --> 00:01:09,910
So that means things like, y'know, biometric, y'know,

21
00:01:09,910 --> 00:01:13,650
authentication like fingerprinting, hand geometry,

22
00:01:13,650 --> 00:01:16,150
the keystroke, or the dynamic keystroke

23
00:01:16,150 --> 00:01:20,030
of the user and other, y'know, methodologies.

24
00:01:20,030 --> 00:01:22,400
Now authorization is the process

25
00:01:22,400 --> 00:01:25,030
of granting access to objects,

26
00:01:25,030 --> 00:01:27,903
or a resource of, y'know, to a specific subject.

27
00:01:28,800 --> 00:01:30,670
And this typically happens

28
00:01:30,670 --> 00:01:33,280
after the subject has completed the

29
00:01:33,280 --> 00:01:35,373
authentication, y'know, process.

30
00:01:36,380 --> 00:01:38,000
An authorization policy

31
00:01:38,000 --> 00:01:41,100
should implement two different concepts.

32
00:01:41,100 --> 00:01:45,610
Implicit deny, and that means that if no rule is specified

33
00:01:45,610 --> 00:01:50,530
for the transaction subject or, or for an object,

34
00:01:50,530 --> 00:01:54,140
the authorization policies should deny the transaction.

35
00:01:54,140 --> 00:01:58,220
And then, the second one is a need-to-know basis.

36
00:01:58,220 --> 00:02:01,820
So the need to know is where a subject should be

37
00:02:01,820 --> 00:02:04,130
granted access to an object only

38
00:02:04,130 --> 00:02:06,570
if the access is needed to carry

39
00:02:06,570 --> 00:02:09,403
out the job of that subject or that user.

40
00:02:10,530 --> 00:02:14,350
Now accounting is the process of auditing and monitoring

41
00:02:14,350 --> 00:02:19,350
what a user does once a specific resource is accessed.

42
00:02:19,980 --> 00:02:22,680
This process is sometimes overlooked.

43
00:02:22,680 --> 00:02:26,040
However, as a security professional it is important

44
00:02:26,040 --> 00:02:28,620
to be aware and to advocate

45
00:02:28,620 --> 00:02:30,970
that accounting is implemented due

46
00:02:30,970 --> 00:02:34,580
to the great help that it provides during the detection

47
00:02:34,580 --> 00:02:36,993
and investigation of cybersecurity breaches.

48
00:02:37,920 --> 00:02:39,900
When accounting is implemented,

49
00:02:39,900 --> 00:02:43,430
an audit trail is created and stored

50
00:02:43,430 --> 00:02:47,280
detailing when the user has accessed the resource,

51
00:02:47,280 --> 00:02:49,890
what the user did whenever, y'know,

52
00:02:49,890 --> 00:02:52,400
it was actually accessing that resource,

53
00:02:52,400 --> 00:02:57,110
and when the user stopped using that resource.

54
00:02:57,110 --> 00:03:00,550
Now, given the potential of sensitive information included

55
00:03:00,550 --> 00:03:04,740
in audit logs, special care should be taken in

56
00:03:04,740 --> 00:03:07,853
protecting them from unauthorized access.