Access Control in Computer

Network
Access control is a method of limiting access to a system
or to physical or virtual resources. It is a process by which
users can access and are granted certain prerogative to
systems, resources or information. Access control is a
security technique that has control over who can view
different aspects, what can be viewed and who can use
resources in a computing environment. It is a fundamental
concept in security that reduces risk to the business or
organization. To establish a secure system, electronic
access control systems are used that depend on user
credentials, access card readers, auditing and reports to
track employee access to restricted business locations
and areas. These systems include access control panels
to prohibit entry to sensitive areas like alarms and lock
down areas to prevent unauthorized access or operations.
Access control systems perform identification,
authentication, and authorization of users and entities by
evaluating required login credentials that may include
passwords, pins, bio-metric scans or other authentication
factors. There is multi-factor authentication which
requires two or more authentication factors which is often
an important part of the layered defense to protect access
control systems. Authentication Factors:

Password or PIN
 Bio-metric measurement (fingerprint & retina scan)
Card or Key

For computer security, access control include the

authorization, authentication and audit of the entity trying
to gain access. Access control models have a subject and
an object.

The Subject-the human user-is the one trying to gain

access to the object-usually the software. In computer
systems, an access control list contains a list of
permissions and the users to whom these permissions
apply.

Authentication Mechanism:

1. Two-factor authentication
2. Multi factor authentication
3. one-time password
4. Three-factor authentication
5. Bio metrics
6. Hard Tokens
7. Soft Tokens
8. Contextual Authentication
9. Device identification

Different access control models are used depending on

the compliance requirements and the security levels of
information technology that is to be protected. Basically
access control is of 2 types:
 1. Physical Access Control: Physical access control
restricts entry to campuses, buildings, rooms and
physical IT assets.
2. Logical Access Control: Logical access control
limits connections to computer networks, system
files and data.

Access Control Models:

1. Attribute-based Access Control (ABAC): In this

model, access is granted or declined by evaluating a
set of rules, policies, and relationships using the
attributes of users, systems and environmental
conditions.
2. Discretionary Access Control (DAC): In DAC, the
owner of data determines who can access specific
resources.
3. History-Based Access Control (HBAC): Access is
granted or declined by evaluating the history of
activities of the inquiring party that includes behavior,
the time between requests and content of requests.
4. Identity-Based Access Control (IBAC): By using
this model network administrators can more
effectively manage activity and access based on
individual requirements.
5. Mandatory Access Control (MAC): A control model
in which access rights are regulated by a central
authority based on multiple levels of security.
Security Enhanced Linux is implemented using MAC
on the Linux operating system.
6. Organization-Based Access control (OrBAC): This
model allows the policy designer to define a security
policy independently of the implementation.
7. Role-Based Access Control (RBAC): RBAC allows
access based on the job title. RBAC eliminates
discretion on a large scale when providing access to
objects. For example, there should not be
permissions for human resources specialist to create
network accounts.
8. Rule-Based Access Control (RAC): RAC method is
largely context based. Example of this would be only
allowing students to use the labs during a certain
time of day.