Access Control in Computer Network
Last Updated: 19 Jul, 2024
Access control is a security strategy that controls who or what can view or use resources in a computer system. It is a fundamental security concept that reduces risk to the company or organization. In this article, we will learn about access control and its authentication factors, the components of access control, the types of access control, and the difference between authentication and authorization.
What is Access Control?
Access control is a method of limiting access to a system or its resources. It refers to the process of determining who has access to what resources within a network and under what conditions. It is a fundamental concept in security that reduces risk to the business or organization. Access control systems perform identification, authentication, and authorization of users and entities by evaluating required login credentials, which may include passwords, PINs, biometric scans, or other authentication factors. Multi-factor authentication, which requires two or more authentication factors, is often an important part of the layered defense that protects access control systems.
Authentication Factors
For computer security, access control includes the authorization, authentication, and audit of the entity trying to gain access. Access control models have a subject and an object.
Components of Access Control
- Authentication: Authentication is the process of verifying the identity of a user, for example when that user logs in to a computer system.
- Authorization: Authorization determines the extent of access to the network and what type of services and resources are accessible by the authenticated user. Authorization is the method of enforcing policies.
- Access: After successful authentication and authorization, the user's identity is verified. This allows them to access the resource to which they are attempting to log in.
- Manage: Organizations can manage their access control system by adding and removing authentication and authorization for users and systems. Managing these systems can be difficult in modern IT setups that combine cloud services and physical systems.
- Audit: The access control audit method enables organizations to follow the principle. This allows them to collect data about user activities and analyze it to identify possible access violations.
How Access Control Works?
Access control involves identifying a user based on their credentials and then providing the appropriate level of access once the identity is confirmed. Credentials used to identify and authenticate a user include passwords, PINs, security tokens, and even biometric scans. Multifactor authentication (MFA) increases security by requiring users to be validated using more than one method. Once a user's identity has been verified, access control policies grant specified permissions, allowing the user to proceed further. Organizations utilize several access control methods depending on their needs.
Types of Access Control
- Attribute-based Access Control (ABAC): In this model, access is granted or declined by evaluating a set of rules, policies, and relationships using the attributes of users, systems and environmental conditions.
- Discretionary Access Control (DAC): In DAC, the owner of data determines who can access specific resources.
- History-Based Access Control (HBAC): Access is granted or declined by evaluating the history of activities of the inquiring party that includes behavior, the time between requests and content of requests.
- Identity-Based Access Control (IBAC): By using this model network administrators can more effectively manage activity and access based on individual requirements.
- Mandatory Access Control (MAC): A control model in which access rights are regulated by a central authority based on multiple levels of security. Security-Enhanced Linux (SELinux) is an implementation of MAC on the Linux operating system.
- Organization-Based Access Control (OrBAC): This model allows the policy designer to define a security policy independently of the implementation.
- Role-Based Access Control (RBAC): RBAC allows access based on the job title. RBAC eliminates discretion on a large scale when providing access to objects. For example, a human resources specialist should not have permission to create network accounts.
- Rule-Based Access Control (RAC): The RAC method is largely context based. An example of this would be allowing students to use the labs only during a certain time of day.
Different access control models are used depending on the compliance requirements and the security level of the information technology to be protected. Broadly, access control is of two types:
- Physical Access Control: Physical access control restricts entry to campuses, buildings, rooms and physical IT assets.
- Logical Access Control: Logical access control limits connections to computer networks, system files and data.
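The RBAC and rule-based examples from the list above (an HR specialist must not create network accounts; students may use the labs only at certain hours) can be expressed as a small deny-by-default decision function that also writes the audit trail described under "Components of Access Control". This is an added example, not code from the original article; the role names, permission strings and lab hours are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import time

# Constructed RBAC map: permissions attach to roles, never directly to users.
ROLE_PERMISSIONS = {
    "hr_specialist": {"employee_record:read", "employee_record:update"},
    "network_admin": {"network_account:create", "network_account:disable"},
    "student": {"lab:enter"},
}
# Constructed rule-based condition: lab entry is valid only in this window.
LAB_OPEN, LAB_CLOSE = time(8, 0), time(18, 0)

@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset
    permission: str
    at: time  # time of day the request was made

def rbac_allows(req):
    """True if any of the subject's roles carries the requested permission."""
    return any(req.permission in ROLE_PERMISSIONS.get(r, ()) for r in req.roles)

def rule_allows(req):
    """Context rule evaluated on top of the role check."""
    if req.permission == "lab:enter":
        return LAB_OPEN <= req.at < LAB_CLOSE
    return True

def decide(req, audit_log):
    """Deny by default; record every decision so it can be audited later."""
    if not rbac_allows(req):
        decision, reason = "deny", "no role grants this permission"
    elif not rule_allows(req):
        decision, reason = "deny", "outside permitted hours"
    else:
        decision, reason = "allow", "role and rule satisfied"
    audit_log.append((req.user, req.permission, req.at.isoformat(), decision, reason))
    return decision

def denied_by_user(audit_log):
    """Audit view: number of denied requests per user."""
    return Counter(user for user, _, _, decision, _ in audit_log if decision == "deny")
```

An unknown role maps to an empty permission set, so a request from a subject with no recognized role is denied rather than falling through to an allow.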
Challenges of Access Control
- Distributed IT Systems: Current IT systems frequently combine internet and on-premise networks. These systems may be distributed geographically and comprise various devices, assets, and virtual machines. Access is allowed to all of these devices, and keeping track of them can be challenging.
- Policy Management: Policy makers within the organization create policies, and the IT department converts the planned policies into code for implementation. Coordination between these two groups is essential for keeping the access control system up to date and functioning properly.
- Monitoring and Reporting: Organizations must constantly check access control systems to guarantee compliance with corporate policies and regulatory laws. Any violations or changes must be recognized and reported immediately.
- Access Control Models: Access control mechanisms provide varying levels of precision. Choosing the right access control strategy for your organization allows you to balance acceptable security with employee efficiency.
Types of Authentication Mechanism
- Two-factor authentication
- Multi-factor authentication
- One-time password
- Three-factor authentication
- Biometrics
- Hard Tokens
- Soft Tokens
- Contextual Authentication
- Device identification
What Are Some Methods for Implementing Access Control?
Virtual Private Networks are one of the most commonly used techniques to implement access controls. This allows users to safely access resources remotely, which is critical when working away from the actual workplace. VPNs can be used by businesses to offer safe access to their networks when workers are spread out across the globe. While this is great for security reasons, it may cause performance concerns, such as latency. Other techniques of access control include identity repositories, monitoring and reporting apps, password management tools, provisioning tools, and security policy enforcement services.
Difference between Authentication and Authorization
Authentication | Authorization |
---|---|
Authentication is the process of verifying the identity of a user. | Authorization determines the extent of access to the network and what type of services and resources are accessible by the authenticated user. |
It is done before the authorization process. | It is done after the authentication process. |
It usually needs the user's login details. | It needs the user's privilege or security levels. |
The authentication credentials can be changed in part as and when required by the user. | The authorization permissions cannot be changed by the user, as these are granted by the owner of the system and only he/she has the access to change them. |
Authentication determines whether the person is a user or not. | Authorization determines what permissions the user has. |
The user authentication is visible at the user end. | The user authorization is not visible at the user end. |
The user authentication is identified with username, password, face recognition, retina scan, fingerprints, etc. | The user authorization is carried out through the access rights to resources by using roles that have been pre-defined. |
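The ordering in the table, and the flow described under "How Access Control Works?", can be seen in code: two authentication factors (a password and a one-time password) are verified first, and only then is the permission check made. This is an added example, not code from the original article; the user record, the password, the permission strings and the three result strings are constructed, and the one-time password uses the counter-based HOTP algorithm from RFC 4226 with that RFC's test key.

```python
import hashlib
import hmac
import struct

PBKDF2_ROUNDS = 600_000  # work factor chosen for this example

def hash_password(password, salt):
    """Slow, salted password hash (PBKDF2-HMAC-SHA256 from the standard library)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def hotp(secret, counter, digits=6):
    """Counter-based one-time password as specified in RFC 4226."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

# Constructed user store; the OTP secret is the RFC 4226 test key.
SALT = b"constructed-salt"
USERS = {
    "alice": {
        "pw_hash": hash_password("correct horse battery staple", SALT),
        "otp_secret": b"12345678901234567890",
        "otp_counter": 0,
        "permissions": {"report:read"},
    }
}

def authenticate(username, password, otp):
    """Step 1: who is this? Both factors must verify."""
    user = USERS.get(username)
    if user is None:
        return False
    pw_ok = hmac.compare_digest(hash_password(password, SALT), user["pw_hash"])
    expected = hotp(user["otp_secret"], user["otp_counter"])
    otp_ok = hmac.compare_digest(expected.encode(), otp.encode())
    if pw_ok and otp_ok:
        user["otp_counter"] += 1  # a used code is never accepted again
        return True
    return False

def access(username, password, otp, permission):
    """Step 2 runs only after step 1 succeeds: what may this user do?"""
    if not authenticate(username, password, otp):
        return "unauthenticated"
    if permission not in USERS[username]["permissions"]:
        return "forbidden"
    return "granted"
```

A correct login for a permission the user does not hold returns "forbidden", while a replayed one-time code returns "unauthenticated", which keeps the two failure modes in the table distinguishable in logs.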
Conclusion
Access control is an essential part of computer networks. It contributes to limiting access to network resources and preventing unauthorized access. Firewalls, biometric authentication, password policies, RBAC, ABAC, MFA, VPNs, intrusion detection systems, and data encryption are examples of access control measures. Organisations can assure network security and protect themselves from security threats by using access control.