Security Solutions

Access Control Concepts
Network Access Control Technologies
- Other settings for the connection, such as rate limits and quality of service (QoS) settings
These settings affect how a user accesses network resources, rather than
which resources a user accesses. For example, you can limit a user to 10
Mbps of bandwidth, or you can assign guest users’ traffic low priority.
Accounting
Accounting, the third AAA function, collects information from NASs about
users and their activities.
At a minimum, accounting logs users’ authentication requests, creating a
record of who has logged in to the network (initial request) and logged out
(final request). Just as important for network security, NASs log rejected
authentication requests, clueing you in to potential attempts to infiltrate the
network.
Accounting reports include information about access requests such as:
- Username
- Date and time
- Transaction type
- NAS ID
- User location (for example, the NAS port ID)
- Amount of data exchanged (reports on ongoing or terminated connections)
Although tracking users as they log in and out of the network is important, it is
equally important to monitor what they actually do on the network. Many NASs
also send periodic reports on connected users, which update the accounting
server on the resources that the user has accessed during that period.
A security analyst (usually aided by a security solution) can analyze accounting logs to:
- Establish a baseline for normal network activity, which can be used for resource planning and for comparison with future network activity
- Check for suspicious activity (for example, significant deviations from the normal activity baseline or multiple rejected access requests)
- Trigger preemptive action to address suspicious behavior (for example, shutting down the source port generating rejected requests)
- Create reports that demonstrate compliance with regulations such as the Sarbanes-Oxley Act
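
The following is an added example, not part of the original guide, of the two checks described above: repeated rejected requests from one NAS port, and a session whose data volume deviates from the user's own baseline. The CSV layout, the transaction type names ("stop", "reject"), the thresholds and the sample records are all constructed for illustration, and records are assumed to arrive in time order.

```python
import csv, io, statistics
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (hypothetical CSV layout):
# time, username, transaction type, NAS ID, NAS port, bytes exchanged
SAMPLE = """\
2024-05-01T09:00:00,alice,stop,nas-1,3,52000
2024-05-02T09:00:00,alice,stop,nas-1,3,48000
2024-05-03T09:00:00,alice,stop,nas-1,3,50000
2024-05-04T09:00:00,alice,stop,nas-1,3,51000
2024-05-05T09:00:00,alice,stop,nas-1,3,900000
2024-05-05T10:00:00,bob,reject,nas-2,7,0
2024-05-05T10:00:20,root,reject,nas-2,7,0
2024-05-05T10:00:40,admin,reject,nas-2,7,0
2024-05-05T10:30:00,carol,reject,nas-2,9,0
"""

def parse(text):
    for ts, user, kind, nas, port, nbytes in csv.reader(io.StringIO(text)):
        yield datetime.fromisoformat(ts), user, kind, nas, port, int(nbytes)

def rejected_bursts(records, threshold=3, window=timedelta(minutes=5)):
    """Return (NAS ID, port) pairs with >= threshold rejects inside one window."""
    recent, flagged = defaultdict(deque), set()
    for ts, _user, kind, nas, port, _n in records:
        if kind != "reject":
            continue
        q = recent[(nas, port)]
        q.append(ts)
        while ts - q[0] > window:   # drop rejects older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add((nas, port))
    return flagged

def volume_outliers(records, min_history=3, sigmas=3.0):
    """Flag sessions whose byte count exceeds the user's own prior baseline."""
    history, alerts = defaultdict(list), []
    for ts, user, kind, _nas, _port, nbytes in records:
        if kind != "stop":
            continue
        past = history[user]
        if len(past) >= min_history:
            mean, sd = statistics.mean(past), statistics.pstdev(past)
            if nbytes > mean + sigmas * max(sd, 1.0):
                alerts.append((user, ts, nbytes))
        past.append(nbytes)
    return alerts
```

Keying the reject counter on NAS ID and port rather than on username catches attempts that cycle through different usernames from one port, and gives the port to act on if preemptive action is warranted.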