CyberSecurity: The AAA Framework




Let’s face it – cyber security is the cornerstone of how the digital world operates. Without it, hackers can easily penetrate important computer systems and gain unauthorized access to the precious data that defines us. Imagine the chaos unleashed if we didn’t have concrete measures implemented to safeguard our data. Big organisations would have to shut down and the economy would plummet to rock bottom - the whole world would be brought to its knees in no time.

We already know that cyber security is based on the Confidentiality, Integrity and Availability pillars that form the CIA triad. Yet what are the actual methods that are put in place to uphold them? Enter the AAA framework – Authentication, Authorization and Accounting. Although these words may appear to be mere synonyms of each other at first, they are three completely different and vital concepts of cybersecurity. Before we get into further details, let’s establish some basics. A framework is the underlying structure of a system. The AAA framework is a simple way of analysing the security of computer systems. It is generally used by companies and businesses, and even by the software on your computer and mobile device.

 

Authentication

You have just returned from a lovely holiday - how do you enter your house again? The answer seems to be a no-brainer – you use a key to unlock the door. The lock also ensures that nobody else can enter your house whilst you’re away, so your belongings are well out of harm’s way. In cybersecurity, authentication is no different. Authentication is simply asking the user one question – are you who you claim to be?

To understand authentication, it is imperative to understand the concept of identification. Identification is your claim – for example, when you mention what your name is, you are claiming to be a certain entity. Authentication is the concept of proving that claim. By unlocking your house door, you are authenticating that you are the house owner (your identification). Likewise, when you log into a computer, you must enter its corresponding password to prove that you are the designated user. This is called Single-Factor Authentication (or SFA).

However, there is one catch – how can you stop anyone with malicious intent from gaining access to a computer system without your permission? All it takes is for them to find one piece of information to help back their false claim – your password. Multi-Factor Authentication (or MFA) is a better option. As you can probably figure out, this is a method of authentication that utilises not one, but multiple factors that prove that you are who you claim to be. These factors include what the user knows (like a password), what the user has (a security token) and who the user is (biometrics). For example, a user can gain access to a system by scanning their fingerprint (biometrics, to prove who they are) followed by entering a PIN (something they know) to thoroughly prove their claim.

 

Authorization

When you unlock the door to your house and step inside, logic dictates that you see only your own belongings on your property. You are not permitted to see the interior of your neighbour’s house and their items. In cybersecurity, this is what we refer to as authorization – what you are meant to see and what you are not. You may have authenticated yourself into the house, but that doesn’t mean you can see absolutely everything. Some information may not be relevant to you – you see what you need to see.

So, how does a computer system dictate what information you are allowed to access? Role-based access control, or RBAC, works best here. Imagine you work as a developer for AkellaTech Inc – you work with code and spend most of your time creating applications for the company. All you really need to know is the information about your projects as well as any related concerns. You do not, however, need to see information about the financial status of the organisation or the salaries of your colleagues unless it is relevant to the application you are creating. This access control applies the security principle of least privilege: each user is given only the amount of privilege that is needed for their job.

 

Accounting

How do you explain to a friend what you did over the weekend? You tell them that you did lots of activities and tasks – these form a detailed account as your response. Accounting in cybersecurity is the same. You list all the little things the user has done and compile them into one big report. This then quite literally translates to the question – what did you do?

What makes accounting so vital to computer systems and organisations? For starters, if there is a breach in a system, accounting methods can be used to discover who was responsible or reveal a few clues. Three common methods of accounting are logs, web browser history and tracking. Web browser history is rather easy to understand – all web browsers track where you’ve gone and what kind of websites you have visited. They use something called an HTTP cookie, which saves little pieces of data that help identify your computer whilst on the network. Logs are similar, only they record your actual computer’s events and are not restricted to just your web browser. They can track things such as the applications that you opened and what kind of activities you performed whilst on them. Finally, tracking refers to how the OS (operating system) observes your activity and geographic location.
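The Authorization and Accounting sections above describe two checks that normally run together, shown here as an added Python example (not part of the original article): a role table that denies by default, and an audit log that records every decision so it can be reviewed after an incident. The roles, users and resource names are hypothetical and built around the developer example.

```python
import json
import time

# Hypothetical role table: each role lists only what the job needs.
ROLE_PERMISSIONS = {
    "developer": {("projects", "read"), ("projects", "write")},
    "finance": {("financials", "read"), ("salaries", "read")},
}
USER_ROLES = {"dev_anna": "developer", "fin_omar": "finance"}  # constructed users

# A plain list for the example; a real system would use append-only storage
# that the users being recorded cannot edit.
AUDIT_LOG = []

def access(user, resource, action, now=None):
    # Authorization: deny by default, allow only what the user's role grants.
    role = USER_ROLES.get(user)
    allowed = (resource, action) in ROLE_PERMISSIONS.get(role, set())
    # Accounting: record every decision, allowed or denied, as one JSON line.
    AUDIT_LOG.append(json.dumps({
        "ts": time.time() if now is None else now,
        "user": user, "role": role,
        "resource": resource, "action": action, "allowed": allowed,
    }))
    return allowed

def denied_attempts(log_lines):
    # Answer "what did you do?" after the fact: denied requests per user.
    counts = {}
    for line in log_lines:
        event = json.loads(line)
        if not event["allowed"]:
            counts[event["user"]] = counts.get(event["user"], 0) + 1
    return counts
```

A developer asking for `("salaries", "read")` is refused, and the refusal itself becomes a log entry that `denied_attempts` can surface later.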


In conclusion, we now know how the AAA framework relates to cybersecurity and why it is so important for computer systems to implement it. Little measures such as enabling MFA as opposed to single-factor authentication, or enabling access controls and logging, can go a long way in protecting your personal information. In the world of technology, you can never trust anybody or anything completely. It is undeniable that hackers are getting smarter by the minute, causing security to be tested time and time again. Cybersecurity will no longer be the defender of companies, but the defender of our technologically advancing world and its future.

