Access Control – Checking at the Entrance !

So the very first measure that we would normally take to secure an IS environment is to stop and check for a user’s validity at the entry point of the network itself.
This may be an entry point to the company’s facility, or logging on to a desktop computer on the network.
All of these processes of checking form a part of Access Control.
 
The whole process starting from a user entering his credentials to his being able to access the resource he wants to, is actually broken down into 4 components
 
1. Identification
2. Authentication
3. Authorization
4. Accountability
 
(And you thought it was simple?? )
 
So lets talk about them in brief-
1. Identification – Process whereby a user can be known for later accountability. (e.g. username)
   meaning, "may I know who I am talking to?"
2. Authentication – Process to verify that a user is who he is claiming to be. (e.g. password)
   meaning, "May i see your photo id?" or "Proove that you are xyz."
3. Authorization – process of checking and granting the right level of access to the user for the resource he needs to access. meaning, "What do you want to do?" and "Let me check if you can do it."
4. Accountability – Process of tracking an incedent so as to hold accountability for it to a user. (e.g maintaining audit logs). meaning, "Lets check who did this!"
 
Different kinds of mechanisms exist for identification and authentication and can be orderd on the basis of surity they provide of a user being actually who he claims to be. There may be four kinds of access control techniques which can be used in isolation or in combination to one another:
a. Where you are – giving access based upon the physical location of the user. e.g in RAS
b. What you know – based upon what you remember. e.g passwords
c. What you have – based upon some physical card you have. e.g smart card
d. Who you are – based upon your unique physiological characters. e.g. biometrics
 
I ll talk about "Biometric systems" , the most trusted source of user identification, in my next blog!

6 thoughts on “Access Control – Checking at the Entrance !”

  1. Hi,Do you need digital signages, advertising displays, digital sign, advertisement displays and advertising players? Please go Here:www.amberdigital.com.hk(Amberdigital).we have explored and developed the international market with professionalism. We have built a widespread marketing network, and set up a capable management team dedicated to provide beyond-expectation services to our customers.
    amberdigital Contact Us
    website:www.amberdigital.com.hk
    alibaba:amberdigital.en.alibaba.com[chibihihfbjhei]

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s