Aaa Triad
First thing I had to do was figure out what the AAA triad was, after a little researching on the internet I figured out it meant; Access control, Authentication, and Accounting.
Access control manages which individual or accounts may interact with certain resources and makes the decisions on which kind of operations these individuals or accounts can perform. Access control usually uses some type of identity which may be associated with a specific individual or account. After reading about access control a little, the way I think about is, I relate it to my work. With our computers at work we have one civilian that creates files on our share drive. Well when he creates these files he have the access control to those files and decides who has access to open them and who doesn’t. Once he decides who has access then he decides which person can edit those files. This helps him security wise so he doesn’t have just a random sailor messing with his files so they don’t get deleted. Authentication is how you verify a user’s identity through the use of a shared secret (like a password), a key, or biometric measure (like a fingerprint). Again, at my work we use this as well to determine who can enter our building. When you check on board, you take your military ID and have your common access card (CAC) put in a machine which puts an access control in it allowing you to the building. Then you pick a password to type in so it will let you enter the building. Since we deal with top secret material on our top floor we only allow certain personnel in. This is a great security measure, so if someone that would want to enter our building and steal secret material they won’t be able to enter the building because their ID would not work in the door.
Accounting tracks and records the operations and activities done by the individuals or accounts while they’re active in a system or working environment. Once again, at my work, the IT department uses accounting to track our
Access control manages which individual or accounts may interact with certain resources and makes the decisions on which kind of operations these individuals or accounts can perform. Access control usually uses some type of identity which may be associated with a specific individual or account. After reading about access control a little, the way I think about is, I relate it to my work. With our computers at work we have one civilian that creates files on our share drive. Well when he creates these files he have the access control to those files and decides who has access to open them and who doesn’t. Once he decides who has access then he decides which person can edit those files. This helps him security wise so he doesn’t have just a random sailor messing with his files so they don’t get deleted. Authentication is how you verify a user’s identity through the use of a shared secret (like a password), a key, or biometric measure (like a fingerprint). Again, at my work we use this as well to determine who can enter our building. When you check on board, you take your military ID and have your common access card (CAC) put in a machine which puts an access control in it allowing you to the building. Then you pick a password to type in so it will let you enter the building. Since we deal with top secret material on our top floor we only allow certain personnel in. This is a great security measure, so if someone that would want to enter our building and steal secret material they won’t be able to enter the building because their ID would not work in the door.
Accounting tracks and records the operations and activities done by the individuals or accounts while they’re active in a system or working environment. Once again, at my work, the IT department uses accounting to track our