Added: December 01, 2007. License: All Rights Reserved.

Presentation Transcript

Slide1: Accounting, Auditing and Session IDs
Nevil Brownlee
The University of Auckland / CAIDA
Adelaide, March 2000

Slide2: Accounting and Auditing
- Auditing means “making and distributing records of network activity so that events, usage, etc. can be summarised for the users responsible for them”
- Accounting means “generating audit records”
- An Accounting ID is a globally unique identifier used by an Audit server to correlate audit records by session and sub-session
- Audit servers could allow controlled access to different parts of the audit database, e.g. users could see their usage records

Slide3: Accounting IDs
- Several good ways to construct globally unique identifiers are already known, e.g. SMTP, DIAMETER, UUID URI, etc.
- A simple scheme for AAA could be nnn.ttt@server.foo.com where
  server.foo.com = server’s domain name
  ttt = time of day (UTC seconds)
  nnn = sequence number (set to a random value on server boot-up)

Slide4: Using Accounting IDs
- Could have AAA server generate Accounting ID on authentication, and have all servers use it. This creates a bottleneck
- Better to have each server generate and use its own sub-session ID
- Each server will send audit records to one or more Audit Servers using their IDs
- The servers will also need to send the Audit servers information about the IDs, allowing them to keep track of the sub-session tree

Slide5: User starts session
[Diagram: User Agent, Home AAA Server, Remote AAA Server, Secondary Audit (AAA) Server]
- S0 generates Accounting ID K0, sends K0 with Authentication Request via AR to AH
- AH returns Authentication Response to S0, with list of Audit Servers (AH, As)

Slide6: S0 Initiates Auditing
[Diagram: User Agent, Home AAA Server, Remote AAA Server, Secondary Audit (AAA) Server]
- S0 sends Start Session request to its designated Audit Servers (AH, As)
- Start Session record includes the session Accounting ID, K0

Slide7: S0 Session Progresses
[Diagram: User Agent, Home AAA Server, Remote AAA Server, Secondary Audit (AAA) Server]
- S0 sends Audit Record(s) to its designated Audit Servers (AH, As)
- Every audit record includes the session Accounting ID, K0

Slide8: S0 starts Sub-session S1
[Diagram: User Agent, Home AAA Server, Remote AAA Server, Secondary Audit (AAA) Server, Sub-session Server 1]
- Sub-session examples: Bandwidth Broker, VoIP Gateway
- S0 sends S1 a Start Sub-session request, which includes K0 and (AH, As)

Slide9: S1 Initiates Auditing
[Diagram: User Agent, Home AAA Server, Remote AAA Server, Secondary Audit (AAA) Server, Sub-session Server 1]
- S1 generates sub-session Accounting ID K1, sends Start Sub-session request to (AH, As), which includes K0, K1 and (AH, As)

Slide10: S1 Sub-session Progresses
[Diagram: User Agent, Home AAA Server, Remote AAA Server, Secondary Audit (AAA) Server, Sub-session Server 1]
- S1 sends Audit Record(s) with Accounting ID K1 to (AH, As)

Slide11: S1 starts Sub-session S2
[Diagram: User Agent, Home AAA Server, Remote AAA Server, Secondary Audit (AAA) Server, Sub-session Server 1, Sub-session Server 2]
- S1 sends S2 a Start Sub-session request, which includes K1 and (AH, As)

Slide12: S2 Initiates Auditing
[Diagram: User Agent, Home AAA Server, Remote AAA Server, Secondary Audit (AAA) Server, Sub-session Server 1, Sub-session Server 2]
- S2 generates sub-session Accounting ID K2, sends Start Sub-session request to (AH, As), which includes K1, K2 and (AH, As)

Slide13: S2 Sub-session Progresses
[Diagram: User Agent, Home AAA Server, Remote AAA Server, Secondary Audit (AAA) Server, Sub-session Server 1, Sub-session Server 2]
- S1 sends Audit Record(s) with Accounting ID K1 to (AH, As)

Slide14: Summary
- There are several good ways to make a globally unique Accounting ID
- Accounting IDs can be generated by each server contributing to a session
- Each server must send Accounting IDs for itself and its parent to the Audit Server(s) as part of initiating sub-session audit activities
- Audit servers collect pairs of parent-child Accounting IDs and use them to reconstruct the session tree
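
An added sketch, not part of the original slides, of the scheme on Slides 3, 4 and 14: each server mints its own `nnn.ttt@server` Accounting IDs, and an audit server rebuilds the session tree from the parent-child pairs it receives, including when Start records arrive out of order. The class and method names, the `example.net` hostnames and the record string are assumptions made for illustration.

```python
import secrets
import time
from collections import defaultdict

class AccountingIdGenerator:
    """nnn.ttt@server: nnn = sequence number (random at boot), ttt = UTC seconds."""
    def __init__(self, server, clock=time.time):
        self.server, self.clock = server, clock
        self.seq = secrets.randbelow(2**32)   # random starting value at "boot"

    def next_id(self):
        self.seq = (self.seq + 1) % 2**32     # keeps IDs distinct within one second
        return f"{self.seq}.{int(self.clock())}@{self.server}"

class AuditServer:
    """Collects parent-child Accounting ID pairs and rebuilds the session tree."""
    def __init__(self):
        self.parent = {}                      # Accounting ID -> parent ID (None = root)
        self.records = defaultdict(list)      # Accounting ID -> audit records

    def start(self, acct_id, parent_id=None):
        # Start Session (no parent) or Start Sub-session (parent, child) record.
        if self.parent.get(acct_id, parent_id) != parent_id:
            raise ValueError(f"conflicting parent reported for {acct_id}")
        self.parent[acct_id] = parent_id

    def audit(self, acct_id, record):
        self.records[acct_id].append(record)  # stored even before its Start arrives

    def root_of(self, acct_id):
        seen = set()
        while self.parent.get(acct_id) is not None:
            if acct_id in seen:
                raise ValueError("cycle in parent-child pairs")
            seen.add(acct_id)
            acct_id = self.parent[acct_id]
        return acct_id

    def session_records(self, root_id):
        """Audit records of every ID that currently resolves to root_id."""
        return {i: list(self.records[i]) for i in sorted(self.records)
                if self.root_of(i) == root_id}

    def orphans(self):
        """IDs that sent audit records but were never announced by a Start record."""
        return sorted(i for i in self.records if i not in self.parent)

if __name__ == "__main__":
    s0, s1 = AccountingIdGenerator("s0.example.net"), AccountingIdGenerator("s1.example.net")
    k0, k1 = s0.next_id(), s1.next_id()
    audit = AuditServer()
    audit.start(k0)
    audit.start(k1, parent_id=k0)
    audit.audit(k1, "constructed record: bandwidth reserved")
    print(audit.session_records(k0))
```

A sub-session whose parent has not yet been announced resolves only as far as that parent; it joins the full session tree once the missing Start Sub-session record arrives.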