Access Control
Unit: 10 Lesson: 1
g### license and registration please
Access Control Systems govern how subjects and principals interact with objects. Modern access control is implemented as an IAM system, which have four main parts:
- Identification: Creating an account or ID that uniquely represents a network user
- Authentication: Proving the end user is using the network user account when trying to access a secure network resource
- Authorization: Determining what rights subjects have on each network resource, and how to enforce those rights
- Accounting: How to track authorized usage of rights and resources on a network
Authentication Methods
We all (the IT community) have fancy ways of saying how to login.
| Factor | Check | Example | Weakness |
|---|---|---|---|
| Knowledge | Something you know | Password | Shared Written down |
| Ownership | Something you have | Smart Card | Lost or Stolen |
| Biometric | Something you are | Fingerprint | High error rates |
| Behavioral | Something you do | Signature | Unreliable/Inspecific |
| Location | Somewhere you are | Geofencing | " " |
| Time | Somewhen (?) you are | Work Hour Access TOTP |
" " |
| Authentication technologies are considered strong if they use multiple authentication methods before granting access to a secure resource. |
#Netplus