Access control—a term referring to the measures taken to determine who can interact with a given resource—is actually part of our everyday lives. One of the simplest forms of access control is the lock on your car door, which prevents entry by anyone who doesn't have a key. Real-world access control is used for coin-operated restroom stalls, childproof medicine bottles, and ATM cards protected by PIN codes.
But in the realm of information technology, access control is an essential part of security. Of course, it’s a bit more complicated than your car door locks, because IT security has to guard against the cyber version of car thieves armed with crowbars and lock picks as substitutes for keys.
Security access control incorporates three primary areas of concern:
Identity and authentication: The gatekeepers of access control
The process of identity and authentication (I&A) makes sure that the subject entity—either a person or another electronic system—is really who they say they are. The most common and recognizable form of I&A is the user name and password system assigned to just about every electronic device and website that deals with personalized data.
There are several different ways to implement I&A on a system or resource. The authenticator, which is the mechanism used to verify identification, usually involves at least one of these factors:
Authorization: What you can—and can't—access
Once you've been identified and authenticated, the next step in access control is authorization. This refers to the actions you're able to perform in the system. Most electronic systems have different levels of user-dependent authorization, which are commonly called permissions.
The three typical sets of permissions are:
Accountability: Keeping track of your activity
This facet of security access control is the primary difference between electronic IT control and the simpler physical forms like locks and childproof caps. Accountability, also referred to as audit, employs components like audit trails and logs to record the actions users take while they're logged onto a system.
Audit trails and logs allow IT systems to detect and take action against security violations. These records also let system administrators recreate incidents that have led to security breaches, so they can trace the user, retract permissions, and take any other necessary actions.
Casual users can see accountability in action with systems that either time out or automatically disable accounts after a certain number of failed log-in attempts. These automated fail-safes are known as clipping levels, and they help to prevent unauthorized access.
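The clipping level described above, replayed over an audit trail, as an added example that is not part of the original article. The log records, the event names, the threshold of three failures and the five-minute window are all constructed assumptions, not values from any particular system.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit-log records (timestamp, user, event); not from a real system.
SAMPLE_LOG = """\
2024-05-01T09:00:01 alice LOGIN_FAIL
2024-05-01T09:00:05 alice LOGIN_OK
2024-05-01T09:01:10 bob LOGIN_FAIL
2024-05-01T09:01:20 bob LOGIN_FAIL
2024-05-01T09:01:31 bob LOGIN_FAIL
2024-05-01T09:01:40 bob LOGIN_OK
2024-05-01T09:30:00 carol LOGIN_FAIL
2024-05-01T10:45:00 carol LOGIN_FAIL
2024-05-01T11:50:00 carol LOGIN_FAIL
"""

CLIPPING_LEVEL = 3                 # assumed threshold of failed log-ins
WINDOW = timedelta(minutes=5)      # assumed window in which failures count


def apply_clipping_level(log_text, level=CLIPPING_LEVEL, window=WINDOW):
    """Replay the audit trail; return (locked accounts, audit findings)."""
    recent_failures = defaultdict(list)   # user -> timestamps of recent failures
    locked = {}                           # user -> time the account was disabled
    findings = []
    for line in log_text.splitlines():
        stamp, user, event = line.split()
        when = datetime.fromisoformat(stamp)
        if user in locked:
            # Any activity on a disabled account is itself worth recording.
            findings.append((stamp, user, "ATTEMPT_ON_LOCKED_ACCOUNT"))
            continue
        if event == "LOGIN_OK":
            recent_failures[user].clear()  # a success resets the counter
        elif event == "LOGIN_FAIL":
            fails = [t for t in recent_failures[user] if when - t <= window]
            fails.append(when)
            recent_failures[user] = fails
            if len(fails) >= level:
                locked[user] = stamp
                findings.append((stamp, user, "ACCOUNT_DISABLED"))
    return locked, findings


if __name__ == "__main__":
    locked, findings = apply_clipping_level(SAMPLE_LOG)
    for finding in findings:
        print(*finding)
```

In the sample, one mistyped password and three failures spread over hours stay below the clipping level, while three failures within seconds disable the account, and the later log-in on that disabled account is recorded as its own finding.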
Additional access control methods
While authentication, authorization, and accountability represent the primary building blocks of access control systems, extra measures are often employed. These include:
For IT security, access control is serious business—which is fortunate for all of us who would rather not have people regularly breaking into our email, Facebook profile, and online bank accounts. We get to keep the keys, while IT companies protect us from the electronic versions of crowbars and lock picks.