Access Control
license and registration please
Access Control Systems govern how subjects and principals interact with objects. Modern access control is implemented as an IAM system, which have four main parts:
- Identification: Creating an account or ID that uniquely represents a network user
- Authentication: Proving the end user is using the network user account when trying to access a secure network resource
- Authorization: Determining what rights subjects have on each network resource, and how to enforce those rights
- Accounting: How to track authorized usage of rights and resources on a network
Authentication Methods
We all (the IT community) have fancy ways of saying how to login.
| Factor | Check | Example | Weakness |
|---|---|---|---|
| Knowledge | Something you know | Password | Shared Written down |
| Ownership | Something you have | Smart Card | Lost or Stolen |
| Biometric | Something you are | Fingerprint | High error rates |
| Behavioral | Something you do | Signature | Unreliable/Inspecific |
| Location | Somewhere you are | Geofencing | " " |
| Time | Somewhen (?) you are | Work Hour Access TOTP |
" " |
Authentication technologies are considered strong if they use multiple authentication methods before granting access to a secure resource.
No comments to display
No comments to display