Advertisment
Implementation Guides

Accounting Management

author-image
PCQ Bureau
New Update

While it's important to track the devices on your network, it's also essential to keep track of how your users are using the network. That's the job of accounting management. It's about measuring network utilization so that the individual or group usage of the network can be properly regulated. This ensures that the users have proper access to all network resources that they're allowed to access. For this, you also need to define an AUP (Acceptable Usage Policy) for the users. 

Advertisment

Accounting management tracks the users' utilization of the network, the kind of traffic flowing and how long the users stay connected to the network. This enables one to know whether there's been a violation of the AUP and warns users about it. Accounting management helps to mitigate risks (worms, virus), increase network service and security. This enables better network service for mission-critical applications, improved network performance and appropriate resource allocations.

RADIUS

Remote Authentication Dial-in User Service is a multi-user SNMP-enabled client-server security tool used in computer networks to provide user authentication and accounting. The RADIUS software can read several kinds of password databases, and use several kinds of authentication schemes such as PAP and CHAP.



The client is the entity holding username and password information, while the server is the
entity that has access to a database that can validate the mapping between the username and the password.



Accounting is built-in and can provide text file, UNIX style and SQL logs. These logs track user activities. Other schemes can be supported by extending RADIUS.


RADIUS is currently the de-facto standard for remote authentication. It provides protection against attacks and centralized administration.

User access can be controlled through authentication and authorization. All information regarding which user requested for the authorization to access a particular resource is stored in an Audit Log. This information is useful in tracking down any security breach or unauthorized access to a resource within the organization's network.

Advertisment

RADIUS (Remote Authentication Dial-In User Service) and TACACS (Terminal Access Controller Access Control System) are two protocols commonly used to provide these solutions. Filters can be used on routers to keep unauthorized users or application from accessing the router.

Another method, called Single Sign-on, lets a user authenticate himself to the network only once. He can then access any network resource (these can range from printers to applications) without having to reauthenticate himself. The moment he logs on to the network, automatic encryption of the user session starts. For example, an organization wants to protect salary information. A policy to start encryption automatically can be created whenever this information is accessed.

After analyzing the network usage, quotas can be created to avoid network degradation. For example, disk quotas can be created according to users or groups, limits on file size or types, users can be restricted to access the files. The user or the administrator can be notified or shown the status of quotas via e-mail or pop up messages.

Advertisment