5.1.2. Identity and Access Management

AAA Framework:

• Authentication: Prove who you are (credentials, certificates, biometrics)
• Authorization: What you're allowed to do (permissions, roles)
• Accounting: Record what you did (audit logs)

Authentication Methods:

• Multi-factor (MFA): Combines something you know (password), have (token), or are (biometric)
• Certificate-based: PKI certificates prove identity
• SSO (Single Sign-On): Authenticate once, access multiple systems
• LDAP: Directory service for centralized identity management

AAA Protocols:

• RADIUS: Remote Authentication Dial-In User Service—common for network access
• TACACS+: Cisco protocol—separates authentication, authorization, accounting; encrypts entire payload