While it's important to track the devices on your network, it's also essential to keep track of how your users are using the network. That's the job of accounting management. It's about measuring network utilization so that the individual or group usage of the network can be properly regulated. This ensures that the users have proper access to all network resources that they're allowed to access. For this, you also need to define an AUP (Acceptable Usage Policy) for the users.
Accounting management tracks the users' utilization of the network, the kind of traffic flowing and how long the users stay connected to the network. This enables one to know whether there's been a violation of the AUP and warns users about it. Accounting management helps to mitigate risks (worms, virus), increase network service and security. This enables better network service for mission-critical applications, improved network performance and appropriate resource allocations.
|
User access can be controlled through authentication and authorization. All information regarding which user requested for the authorization to access a particular resource is stored in an Audit Log. This information is useful in tracking down any security breach or unauthorized access to a resource within the organization's network.
RADIUS (Remote Authentication Dial-In User Service) and TACACS (Terminal Access Controller Access Control System) are two protocols commonly used to provide these solutions. Filters can be used on routers to keep unauthorized users or application from accessing the router.
Another method, called Single Sign-on, lets a user authenticate himself to the network only once. He can then access any network resource (these can range from printers to applications) without having to reauthenticate himself. The moment he logs on to the network, automatic encryption of the user session starts. For example, an organization wants to protect salary information. A policy to start encryption automatically can be created whenever this information is accessed.
After analyzing the network usage, quotas can be created to avoid network degradation. For example, disk quotas can be created according to users or groups, limits on file size or types, users can be restricted to access the files. The user or the administrator can be notified or shown the status of quotas via e-mail or pop up messages.