Access Control in Computer Network
Access control is a method of limiting access to a system or to physical or virtual resources. It is a process by which users are granted access and certain privileges to systems, resources or information. Access control is a security technique that regulates who can view or use resources in a computing environment. It is a fundamental concept in security that reduces risk to the business or organization.
To establish a secure system, electronic access control systems are used that depend on user credentials, access card readers, auditing and reports to track employee access to restricted business locations and areas. These systems include access control panels that restrict entry to sensitive areas, along with alarms and lockdown capabilities to prevent unauthorized access or operations.
Access control systems perform identification, authentication, and authorization of users and entities by evaluating required login credentials, which may include passwords, PINs, biometric scans or other authentication factors. Multi-factor authentication, which requires two or more authentication factors, is often an important part of the layered defense that protects access control systems.
Authentication Factors:
- Password or PIN
- Biometric measurement (fingerprint and retina scan)
- Card or Key
For computer security, access control includes the authorization, authentication and audit of the entity trying to gain access. Access control models have a subject and an object.
The subject (the human user) is the one trying to gain access to the object (usually the software). In computer systems, an access control list contains a list of permissions and the users to whom these permissions apply.
- Two-factor authentication
- Multi-factor authentication
- One-time password
- Three-factor authentication
- Biometrics
- Hard Tokens
- Soft Tokens
- Contextual Authentication
- Device identification
Different access control models are used depending on the compliance requirements and the security levels of the information technology that is to be protected. Access control is basically of two types:
- Physical Access Control: Physical access control restricts entry to campuses, buildings, rooms and physical IT assets.
- Logical Access Control: Logical access control limits connections to computer networks, system files and data.
Access Control Models:
- Attribute-based Access Control (ABAC): In this model, access is granted or declined by evaluating a set of rules, policies, and relationships using the attributes of users, systems and environmental conditions.
- Discretionary Access Control (DAC): In DAC, the owner of data determines who can access specific resources.
- History-Based Access Control (HBAC): Access is granted or declined by evaluating the history of activities of the inquiring party that includes behavior, the time between requests and content of requests.
- Identity-Based Access Control (IBAC): By using this model, network administrators can more effectively manage activity and access based on individual requirements.
- Mandatory Access Control (MAC): A control model in which access rights are regulated by a central authority based on multiple levels of security. Security-Enhanced Linux (SELinux) implements MAC on the Linux operating system.
- Organization-Based Access Control (OrBAC): This model allows the policy designer to define a security policy independently of the implementation.
- Role-Based Access Control (RBAC): RBAC allows access based on the job title. RBAC eliminates discretion on a large scale when providing access to objects. For example, a human resources specialist should not have permission to create network accounts.
- Rule-Based Access Control (RAC): The RAC method is largely context based. An example of this would be allowing students to use the labs only during a certain time of day.
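The RBAC and rule-based examples above (the human resources specialist and the student lab hours) can be combined in one default-deny check, shown here as an added example that is not part of the original page. The role names, permission strings, lab hours (08:00 to 18:00) and the functions authorize and decide are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time

# Constructed sample policy: role names, permission strings and lab hours are assumptions.
ROLE_PERMISSIONS = {
    "hr_specialist": {"employee_record:read", "employee_record:update"},
    "network_admin": {"network_account:create", "network_account:disable"},
    "student": {"lab:use"},
}
LAB_OPEN, LAB_CLOSE = time(8, 0), time(18, 0)
# Rule-based layer: a permission may carry a predicate over the request context.
RULES = {"lab:use": lambda ctx: LAB_OPEN <= ctx["time_of_day"] < LAB_CLOSE}
AUDIT_LOG = []  # every decision is recorded, whether allowed or denied


@dataclass(frozen=True)
class Subject:
    name: str
    roles: frozenset


def authorize(subject, permission, context=None):
    """Return True only if a role grants the permission and its rule (if any) passes."""
    allowed, reason = decide(subject, permission, context or {})
    AUDIT_LOG.append((subject.name, permission, allowed, reason))
    return allowed


def decide(subject, permission, context):
    granting = sorted(r for r in subject.roles
                      if permission in ROLE_PERMISSIONS.get(r, set()))
    if not granting:  # default deny: unknown roles and unlisted permissions end here
        return False, "no role grants permission"
    rule = RULES.get(permission)
    if rule is not None:
        try:
            if not rule(context):
                return False, "rule not satisfied"
        except KeyError:  # fail closed when the attribute the rule needs is missing
            return False, "missing context attribute"
    return True, "granted via role " + granting[0]


if __name__ == "__main__":
    hr = Subject("hr_user", frozenset({"hr_specialist"}))
    student = Subject("student_user", frozenset({"student"}))
    print(authorize(hr, "network_account:create"))
    print(authorize(student, "lab:use", {"time_of_day": time(10, 30)}))
    print(authorize(student, "lab:use", {"time_of_day": time(22, 0)}))
    for entry in AUDIT_LOG:
        print(entry)
```

A request with no time in its context is denied rather than allowed, so a caller that forgets to supply the attribute cannot bypass the lab-hours rule.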