Information Technology Fundamentals – Using Access Control"
Using Access Control
Limiting who can use a system and what data or hardware they have access to is the goal of access control. Authentication is the process by which authorized individuals gain entry to a network and use its services. Access control is a form of security that limits the actions of users and the data they can access in a computer system. It's a fundamental principle of safety that helps reduce danger for any business or group.
Employee access to restricted areas of a firm can be monitored through the use of electronic access control systems that are based on user credentials, access card readers, auditing, and reports. Control panels are used in these systems to limit who can enter or operate sensitive regions like alarm and lockout zones.
Access control systems detect, authenticate, and authorize individuals and entities by analyzing login credentials such as passwords, PINs, biometric scans, and other authentication factors. Access control systems often incorporate many layers of defense, with multi-factor authentication being a crucial component.
Components of Authenticity:
- Pin or Password
- Bio-metric measurement (fingerprint & retina scan)
- Key or Card
When securing information technology, different access control methods are used depending on the compliance standards and the desired level of security. Access control is primarily of two types:
1. Physical Access Control: Campuses, buildings, and rooms, as well as actual IT assets, can be protected by implementing some sort of physical access control system.
2. Logical Access Control: Through the use of logical permissions, users can limit their access to resources like network nodes, system files, and data.
Access Control Models
Attribute-Based Access Control (ABAC): Based on the characteristics of users, systems, and the surrounding environment, access is granted or refused.
Role-Based Access Control (RBAC): Role-based access control allows for differentiated levels of access based on job function. When it comes to granting access to resources on a large scale, Role-based access control removes all room for human judgment. For instance, HR professionals shouldn't have the ability to set up new accounts on the network.
History-Based Access Control (HBAC): The requester's behavior, time intervals between requests, and the nature of the requests themselves are all taken into account when deciding whether or not to give access.
Organization-Based Access Control (OrBAC): This architecture lets the policy designer to develop a security policy independently from its implementation.
Discretionary Access Control (DAC): Discretionary access control allows data owners to control who has access to their data.
Identity-Based Access Control (IBAC): Using this strategy, network administrators can manage activity and access more effectively based on individual needs.
Rule-Based Access Control (RAC): Using a Rule-Based Access Control framework relies largely on the surrounding circumstances. For instance, class time would be restricted so that students could only use the laboratories at certain times.
Mandatory Access Control (MAC): A control architecture in which a central authority governs access permissions based on different security tiers. Mandatory access control is used to implement Security Enhanced Linux on the Linux operating system.