
Access Control in Computer Network

Last Updated : 26 Mar, 2024

Access control is a security strategy that controls who or what can view or utilize resources in a computer system. It is a fundamental security concept that reduces risk to the company or organization. In this article, we are going to discuss every point about access control.

What is Access Control?

Access control is a method of limiting access to a system or its resources: the process of determining who has access to what resources within a network and under what conditions. It is a fundamental concept in security that reduces risk to the business or organization. Access control systems perform identification, authentication, and authorization of users and entities by evaluating required login credentials, which may include passwords, PINs, biometric scans, or other authentication factors. Multi-factor authentication, which requires two or more authentication factors, is often an important part of a layered defense to protect access control systems.

Authentication Factors

  • Password or PIN
  • Biometric measurement (fingerprint & retina scan)
  • Card or Key

For computer security, access control includes the authorization, authentication, and audit of the entity trying to gain access. Access control models have a subject and an object.

Components of Access Control

  • Authentication: Authentication is the process of verifying the identity of a user when that user logs in to a computer system.
  • Authorization: Authorization determines the extent of access to the network and what type of services and resources are accessible by the authenticated user. Authorization is the method of enforcing policies.
  • Access: After successful authentication and authorization, the user's identity is verified, which allows them to access the resource they are attempting to log in to.
  • Manage: Organizations can manage their access control system by adding and removing authentication and authorization for users and systems. Managing these systems can be difficult in modern IT setups that combine cloud services and physical systems.
  • Audit: The access control audit method enables organizations to follow the principle. This allows them to collect data about user activities and analyze it to identify possible access violations.

How Access Control Works?

Access control involves identifying a user based on their credentials and then providing the appropriate level of access once the identity is confirmed. Credentials used to identify and authenticate a user include passwords, PINs, security tokens, and even biometric scans. Multifactor authentication (MFA) increases security by requiring users to be validated using more than one method. Once a user's identity has been verified, access control policies grant specified permissions, allowing the user to proceed further. Organizations utilize several access control methods depending on their needs.

Types of Access Control

  • Attribute-Based Access Control (ABAC): In this model, access is granted or declined by evaluating a set of rules, policies, and relationships using the attributes of users, systems, and environmental conditions.
  • Discretionary Access Control (DAC): In DAC, the owner of the data determines who can access specific resources.
  • History-Based Access Control (HBAC): Access is granted or declined by evaluating the history of activities of the inquiring party, including behavior, the time between requests, and the content of requests.
  • Identity-Based Access Control (IBAC): By using this model, network administrators can more effectively manage activity and access based on individual requirements.
  • Mandatory Access Control (MAC): A control model in which access rights are regulated by a central authority based on multiple levels of security. Security-Enhanced Linux (SELinux) is an implementation of MAC on the Linux operating system.
  • Organization-Based Access Control (OrBAC): This model allows the policy designer to define a security policy independently of the implementation.
  • Role-Based Access Control (RBAC): RBAC allows access based on the job title. RBAC eliminates discretion on a large scale when providing access to objects. For example, a human resources specialist should not have permission to create network accounts.
  • Rule-Based Access Control (RAC): The RAC method is largely context based. An example of this would be only allowing students to use the labs during a certain time of day.
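The two examples given in the list (an HR specialist who must not create network accounts, and students limited to lab hours) can be combined into one default-deny decision function with an audit trail. This is an added illustration, not code from the original article; the role names, permission strings and the 08:00 to 18:00 lab window are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import time

# Constructed RBAC mapping: role -> permissions (all names are hypothetical).
ROLE_PERMISSIONS = {
    "hr_specialist": {"employee_record:read", "employee_record:update"},
    "network_admin": {"network_account:create", "network_account:disable"},
    "student": {"lab:enter"},
}

# Constructed rule-based control: permission -> (start, end) of the allowed window.
TIME_RULES = {"lab:enter": (time(8, 0), time(18, 0))}

AUDIT_LOG = []  # every decision is recorded so violations can be reviewed later


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    permission: str
    at: time


def decide(req: Request) -> bool:
    """Default deny: grant only if the role holds the permission and every rule passes."""
    allowed = req.permission in ROLE_PERMISSIONS.get(req.role, set())
    reason = "role grants permission" if allowed else "role lacks permission"
    window = TIME_RULES.get(req.permission)
    if allowed and window is not None:
        start, end = window
        if not (start <= req.at < end):
            allowed, reason = False, "outside permitted time window"
    AUDIT_LOG.append((req.user, req.role, req.permission,
                      req.at.isoformat(), allowed, reason))
    return allowed


def denied_entries():
    """Audit view: denied requests, the candidates for access-violation review."""
    return [entry for entry in AUDIT_LOG if not entry[4]]


if __name__ == "__main__":
    decide(Request("alice", "hr_specialist", "network_account:create", time(10, 0)))
    decide(Request("carol", "student", "lab:enter", time(22, 0)))
    for entry in denied_entries():
        print(entry)
```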

Different access control models are used depending on the compliance requirements and the security levels of the information technology that is to be protected. Broadly, access control is of two types:

  • Physical Access Control: Physical access control restricts entry to campuses, buildings, rooms and physical IT assets.
  • Logical Access Control: Logical access control limits connections to computer networks, system files and data.

Challenges of Access Control

  • Distributed IT Systems: Current IT systems frequently combine internet and on-premise networks. These systems may be distributed geographically and comprise various devices, assets, and virtual machines. Access is allowed to all of these devices, and keeping track of them can be challenging.
  • Policy Management: Policy makers within the organization create policies, and the IT department converts the planned policies into code for implementation. Coordination between these two groups is essential for keeping the access control system up to date and functioning properly.
  • Monitoring and Reporting: Organizations must constantly check access control systems to guarantee compliance with corporate policies and regulatory laws. Any violations or changes must be recognized and reported immediately.
  • Access Control Models: Access control mechanisms provide varying levels of precision. Choosing the right access control strategy for your organization allows you to balance acceptable security with employee efficiency.

Types of Authentication Mechanism

  • Two-factor authentication
  • Multi-factor authentication
  • One-time password
  • Three-factor authentication
  • Biometrics
  • Hard Tokens
  • Soft Tokens
  • Contextual Authentication
  • Device identification

Difference between Authentication and Authorization

| Authentication | Authorization |
| --- | --- |
| Authentication is the process of verifying the identity of a user. | Authorization determines the extent of access to the network and what type of services and resources are accessible by the authenticated user. |
| It is done before the authorization process. | It is done after the authentication process. |
| It usually needs the user's login details. | It needs the user's privilege or security levels. |
| The authentication credentials can be changed in part as and when required by the user. | The authorization permissions cannot be changed by the user, as these are granted by the owner of the system and only he/she has the access to change them. |
| Authentication determines whether the person is a user or not. | It determines what permissions the user has. |
| The user authentication is visible at the user end. | The user authorization is not visible at the user end. |
| The user authentication is identified with username, password, face recognition, retina scan, fingerprints, etc. | The user authorization is carried out through the access rights to resources by using roles that have been pre-defined. |

Conclusion

Access control is an essential part of computer networks. It contributes to limiting access to network resources and preventing unauthorized access. Firewalls, biometric authentication, password policies, RBAC, ABAC, MFA, VPNs, intrusion detection systems, and data encryption are examples of access control measures. Organizations can ensure network security and protect themselves from security threats by using access control.

Frequently Asked Questions on Access Control – FAQs

What is the role of access control lists (ACLs) in network security?

An access control list (ACL) is a set of rules defined for controlling network traffic and reducing network attacks. ACLs filter traffic based on the set of rules defined for traffic entering or leaving the network.
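How rule order affects an ACL's outcome is shown in the sketch below, which is an added example and not part of the original article. It assumes the first-match, implicit-deny evaluation common to router and firewall ACLs; the rule set and addresses are constructed. The `shadowed_rules` check flags a rule that can never match because an earlier rule already covers its traffic, a frequent cause of a deny rule silently not taking effect.

```python
import ipaddress

# Constructed ACL: (action, protocol, source network, destination port or None for any).
ACL = [
    ("deny",   "tcp", "10.0.50.0/24", 22),   # block SSH from one subnet
    ("permit", "tcp", "10.0.0.0/16",  22),   # allow SSH from the rest of the site
    ("permit", "tcp", "0.0.0.0/0",    443),  # allow HTTPS from anywhere
]


def evaluate(acl, protocol, src_ip, dst_port):
    """Return (action, rule index); index is None when the implicit deny applies."""
    src = ipaddress.ip_address(src_ip)
    for index, (action, proto, network, port) in enumerate(acl):
        if proto != protocol:
            continue
        if src not in ipaddress.ip_network(network):
            continue
        if port is not None and port != dst_port:
            continue
        return action, index          # first matching rule wins
    return "deny", None               # nothing matched: implicit deny


def shadowed_rules(acl):
    """Return (rule, earlier rule) pairs where the later rule can never match."""
    found = []
    for j, (_, proto_j, net_j, port_j) in enumerate(acl):
        for i, (_, proto_i, net_i, port_i) in enumerate(acl[:j]):
            covers_net = ipaddress.ip_network(net_j).subnet_of(
                ipaddress.ip_network(net_i))
            covers_port = port_i is None or port_i == port_j
            if proto_i == proto_j and covers_net and covers_port:
                found.append((j, i))
                break
    return found


if __name__ == "__main__":
    print(evaluate(ACL, "tcp", "10.0.50.7", 22))
    # Same rules with the first two swapped: the deny is now unreachable.
    print(shadowed_rules([ACL[1], ACL[0], ACL[2]]))
```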

What are some best practices for implementing access control?

Some best practices for implementing access control include user identification, authentication, auditing, and monitoring.

What are some challenges in access control implementation?

Some challenges include policy management, excessive permissions and exceptions, monitoring and reporting, and access control models.


