Simply put, Access Control is the ability to control access to a set of resources in a particular area. The term ‘Access Control’ generally refers to systems that can control, monitor and limit the movement of people, assets or vehicles in, out of and around buildings or sites.
The benefits of using an access control system include preventing loss or damage to capital assets and reducing the risk of personal injury to staff and visitors.
Access Control has several principles:
Principle of least privilege
If no access has been configured for the user, whether for that individual, for the group they belong to, for the location they are in, etc., the user should not be able to access that information.
Separation of Duties
Divide access across separate areas or people so that no single user can modify an organization’s assets or information without authorization.
Need to Know
This principle is based on the concept that each user is given access only to the information they need to perform their task.
Access control based on model:
Discretionary Access Control
An access control model in which the owner of a resource decides who may access it, and records those decisions in an ACL (access control list). Under this model, access is granted according to what each user needs.
Mandatory Access Control
This model is highly structured and rigorous. Users are granted access permissions according to a classification level assigned to the subject (secret, top secret, confidential etc.), and the same classification scheme is applied to objects.
Role Based Access Control (RBAC)
Access is granted according to the user’s role or job function, and administrator-defined controls govern every interaction between subject and object.
Ruleset Based Access Control (RSBAC)
Access control is defined per object that a user may access: for each user there is a list of the objects that user can access.
Access control based on the technology that is:
Single Sign-On: A technology that allows a user to sign in once and thereby access all primary and secondary network resources.
Kerberos: An authentication protocol based on symmetric cryptographic keys. It is used in UNIX systems and became the authentication method for Windows 2000.
SESAME (Secure European System for Application in a Multi-vendor Environment): An SSO technology developed as an enhancement of Kerberos that uses cryptographic techniques to protect data exchange and to authenticate subjects to the network.
Finally, access control based on authentication protocols:
Password Authentication Protocol (PAP)
This is the most basic form of authentication: the username and password are transmitted to the system, which matches them against the username and password held in its database. The weakness of this authentication is that the username and password are sent to the system without any encryption.
Challenge Handshake Authentication Protocol (CHAP)
The authentication process is almost the same as PAP; the difference is that the credentials are not sent to the CHAP system in the clear but are protected using the MD5 algorithm, making it more secure.
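The contrast between PAP and CHAP described above, as an added example that is not part of the original page. It models PAP as credentials sent as-is and CHAP as the RFC 1994 challenge/response round trip (response = MD5 over identifier, shared secret and challenge); the shared secret and usernames are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed shared secret known to both the peer and the authenticator (example value).
SHARED_SECRET = b"correct horse battery staple"


def pap_credentials(username: str, password: str) -> bytes:
    """PAP: what travels over the link. The password itself is visible to any observer."""
    return username.encode() + b":" + password.encode()


def chap_challenge(length: int = 16) -> bytes:
    """Authenticator side: a fresh random challenge for every authentication attempt,
    so a captured response cannot simply be replayed later."""
    return os.urandom(length)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side (RFC 1994): MD5 over the one-octet identifier, the secret and the challenge.
    Only this digest is sent; the secret never leaves the peer."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator side: recompute the digest from the stored secret and compare it
    in constant time. Note that CHAP requires the authenticator to hold the secret itself."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def chap_exchange(peer_secret: bytes, stored_secret: bytes = SHARED_SECRET) -> dict:
    """One full Challenge -> Response -> Success/Failure round trip between both sides."""
    identifier = 1
    challenge = chap_challenge()                                   # authenticator -> peer
    response = chap_response(identifier, peer_secret, challenge)   # peer -> authenticator
    success = chap_verify(identifier, stored_secret, challenge, response)
    return {"challenge": challenge, "response": response, "success": success}


if __name__ == "__main__":
    print("PAP on the wire:", pap_credentials("alice", "pa55word"))
    print("CHAP exchange:", chap_exchange(SHARED_SECRET))
```

Observing the wire shows the difference: the PAP bytes contain the password verbatim, while the CHAP response is a 16-byte digest that changes with every challenge.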