Topics and Sub-Topics: Unit - 2: User Authentication and Access Control

The document discusses user authentication and access control. It defines identification, authentication, and authorization. It describes common authentication methods like usernames and passwords as well as biometrics. It also discusses access control policies and password attacks like guessing, dictionary attacks, and brute force attacks.

Uploaded by

DESTROYER
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
523 views45 pages

Topics and Sub-Topics: Unit - 2: User Authentication and Access Control

The document discusses user authentication and access control. It defines identification, authentication, and authorization. It describes common authentication methods like usernames and passwords as well as biometrics. It also discusses access control policies and password attacks like guessing, dictionary attacks, and brute force attacks.

Uploaded by

DESTROYER
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 45

Unit - 2: User Authentication and Access Control

Total Marks - 10

Topics and Sub-topics

2.1 Identification and Authentication: User name and Password, Guessing Password, Password Attacks - Piggybacking, Shoulder surfing, Dumpster diving.

2.2 Biometrics: Finger Prints, Hand Prints, Retina, Patterns, Voice Patterns, Writing Patterns, Signature, Keystrokes.

2.3 Access Controls: Definition, Authentication mechanism, Principle - Authentication, Authorization, Audit, Policies: DAC, MAC, RBAC.
2.1 Identification and Authentication
• As the world moves increasingly online, users are constantly being identified,
authenticated, and authorized.
• These terms are often used interchangeably; however, they are not the same and
work differently to achieve specific tasks. 
• Identification is the act of identifying a particular user, often through a
username. Authentication is the proof of this user’s identity, which is commonly
managed by entering a password. 
• Only after a user has been properly identified and authenticated can they then be
authorized access to systems or privileges.
• The authorization aspect assigns rights and privileges to specific resources.
Identification and authentication have specific purposes and are necessary
components of data security. 
2.1 Defining Identification and Authentication
• Identification is the first step in most online transactions and requires a user to
“identify” themselves, usually by providing a name, email address, phone number,
or username.
• This is the process of someone saying that they are a certain person. 
• In an online environment, however, it can be difficult to verify that a person is
giving a real identity and that they are who they say they are. 
• Identities can be verified through providing more information, often a form of
government-issued ID.
• The verification process generally only happens the first time you create an account
or access a site. After this, your identity will be authenticated, often by the creation
of a password to go along with your username.
• When initially signing up, accessing, or onboarding with a system, service, or
company, after your identity has been verified, a form of authentication is set
up. This will be required each additional time the service or application is accessed.
2.1 Identification and Authentication Continue….
• Digital authentication requires one of the following:
• Something a person knows: a password or security question
• Something a person has: a token, smartcard, ID card, or cryptographic key
• Something a person is: biometric data, such as a fingerprint or facial scan
• The authentication process is a way for a user to prove that they are still the
person they claimed to be during the identification phase. The safest
authentication methods involve multi-factor authentication (MFA), which requires
the use of more than one form of authentication.
2.1.1 Username and Password:
• Login credentials enable users to log in and verify their identities to online
accounts on the internet.
• User credentials are typically a username and password combination used for
logging in to online accounts.
• However, they can be combined with more secure authentication tools and
biometric elements to confirm user identities with a greater degree of certainty.
• Username
• A username is the user identification (user ID) that someone uses as their unique
ID on a computer, network, or service.
• Most websites and online services, such as Facebook and Twitter, allow users to
choose their username, usually tied to an email address or phone number.
2.1.1 Username and Password: Continue….
• Usernames are not always private, so they should not be used on their own to
identify an individual. That is why trusted services pair these usernames with a
password to form login credentials.
• Password:
• A password is a secret combination of characters that identify a user and grant
access to a specific device or website.
• A password protects the username that a service or website user chooses to keep
their account and data private and secure.
• Passwords can include letters, numbers, and special characters, and most secure
online services now require users to choose a password that combines all three.

2.1.1 Username and Password: Continue….
• Why Strong Usernames and Passwords Are Important
• A digital profile is an online account that includes personal data, which
needs to be protected with secure login credentials.
• Digital profiles exist for a wide range of accounts and applications, from
bank accounts and social media sites to online retailers, collaboration
tools, and gaming websites.
• These accounts typically hold highly sensitive user information, including
their name, date of birth, email address, mailing address, and banking
details. 
• It is vital to use strong login credentials to protect this information from
falling into the wrong hands, as cyber criminals could use it to access
users’ accounts and steal their details.
• How To Create Secure Login Credentials?
• Secure login credentials are vital to protecting users’ identities and preventing
them from becoming identity theft victims.
• There are many best practices that users need to follow when it comes to
creating strong usernames and passwords that keep them and their data secure.

1. Create Long and Complex Passwords:
• One of the best ways to make sure login credentials are secure is to create long
passwords with at least eight characters.
• Passwords should also contain a mixture of lowercase and uppercase letters,
numbers, and special characters.
• Short, simple passwords are easier for hackers to guess or crack using technology,
whereas a unique, complex password that does not use common character
combinations provides greater protection.
• How To Create Secure Login Credentials?
2. Avoid Personal Information:
• People often use easy-to-remember information like their date of birth, family
name, favorite sports team, or phone number as part of their passwords.
However, hackers can use social engineering techniques to find out personal
information then guess or crack passwords.
• It is therefore crucial not to include your personal information in login credentials.

3. Do Not Use an Obvious Username:
• Hackers can also target usernames that are easy to identify, such as a user’s given
name and email addresses, to launch social engineering attacks.
• One way in which hackers can use usernames is through reverse brute-force
attacks, which involves them taking common passwords and trying them against
usernames.
• How To Create Secure Login Credentials?
4. Use Unique Passwords for Important Accounts:
• Passwords should not be shared across accounts, as a hacker that obtains login
credentials for one would then be able to hack into any other service that uses the
password.
• For example, the password used for an email account should not be the same as a banking
password, and an online banking password should not be the same as a credit card PIN
code. It is essential to use unique, complex passwords for important accounts.

5. Do Not Share Credentials:
• Login credentials should never be shared with anyone, even with co-workers or trusted family
members, as this is a significant compliance breach.
• Insider threats involve an employee stealing corporate data and giving or selling it to a third
party.
• Therefore, if the illegal or unauthorized activity originates from credentials being shared with a
co-worker, the account will be traced back to the original employee. 
• It is also vital to exit to the login screen or even turn off computers when they are not in use at
the end of a working day.
2.1.2 Guessing Password:
• There are a number of methods to crack a user’s password, but the most prominent one is
a Password Guessing Attack. 
• Basically, this is a process of attempting to gain the system’s access by trying on all the
possible passwords (guessing passwords).
• If the attacker manages to guess the correct one, he has complete access to the remote
system, can manipulate the data, and may demand a ransom(price/payment) in exchange
for the system data.

• Classification of Password Guessing attacks:
• Most commonly, these types of attacks are classified into the following types:

1. Dictionary Attack:
• There are a number of most commonly found passwords online in the form of
dictionaries.
• This dictionary consists of a list of passwords leaked in a data breach or commonly used
passwords. 
• Example: abc123, 123456789, password, abcdef, etc.
2.1.2 Guessing Password: Continue…..
• Prevention:
• Include a combination of upper case letters, lower case, and special symbols into the
password to make it more secure.
• Make sure the password manager you are using is secure and is not engaged in the
selling of data.
• Avoid creating weaker passwords (like password, abc123, etc.), instead create a strong
password (like !ush3r, sn00pdoggyd0G, etc.)
• Create a password that is at least 8 characters long, which makes it difficult to carry out
brute-force attacks.
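As an added example that is not part of the original slides, the following Python applies the rules the slides give for resisting dictionary and brute-force attacks (minimum length, mixed character classes, nothing from a leaked/common password list, no personal information) and estimates the brute-force search space a password forces on an attacker. The leaked list, the personal details and the guess rate are constructed assumptions, not figures from the slides.

```python
"""Password-policy check and brute-force keyspace estimate.

Added example, not from the original slides. The policy is the one the slides
state: at least 8 characters, upper case, lower case, digits and special
symbols, nothing from a leaked/common password list, no personal information.
The leaked list and the personal details below are constructed sample data.
"""
import string

# Constructed sample of leaked/common passwords (includes the slides' examples).
LEAKED_PASSWORDS = {"abc123", "123456789", "password", "abcdef", "qwerty"}

# Constructed personal details of a hypothetical user.
PERSONAL_INFO = {"name": "Alice", "birth_year": "1990", "phone": "5551234"}

# Character classes and their alphabets (string.punctuation has 32 symbols).
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}


def classes_used(pw: str) -> set:
    """Names of the character classes that actually occur in the password."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in pw)}


def check_password(pw: str, personal_info=PERSONAL_INFO, leaked=LEAKED_PASSWORDS) -> list:
    """Return the policy rules the password violates; an empty list means accepted."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    present = classes_used(pw)
    for required in ("lower", "upper", "digit", "symbol"):
        if required not in present:
            problems.append(f"no {required} character")
    if pw.lower() in leaked:
        problems.append("appears in a leaked/common password list")
    for field, value in personal_info.items():
        if value.lower() in pw.lower():
            problems.append(f"contains personal information ({field})")
    return problems


def keyspace(pw: str) -> int:
    """Number of candidates a brute-force attacker must try to exhaust all
    passwords of this length over the character classes the password uses."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(pw))
    return alphabet ** len(pw)


def worst_case_seconds(pw: str, guesses_per_second: float = 1e9) -> float:
    """Worst-case time to exhaust the keyspace at an assumed guess rate.
    1e9 guesses/s is a constructed figure; real rates depend on the hash
    function the verifier uses and on the attacker's hardware."""
    return keyspace(pw) / guesses_per_second
```

Note that the slides' own example !ush3r fails the eight-character rule, while sn00pdoggyd0G fails only the special-symbol rule.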

2. Brute force Attack:
• This method includes trying all the possible permutations of passwords until finding the
correct one.
• The time taken depends on the complexity of the password: weaker passwords can be
cracked within a couple of minutes, while stronger ones may take several hours or
days.
2.1.2 Guessing Password: Continue…..
• Generally, these types of attacks may be detected by the system and the account
may be locked to prevent unauthorized access due to many failed login attempts,
though attackers find ways to bypass the detection and successfully crack the
password.

• Prevention:
• Avoid creating weaker passwords (like password, abc123, etc.), instead create a
strong password (like !ush3r, sn00pdoggyd0G, etc.)
• Create a password that is at least 8 characters long, which makes it difficult to carry
out brute-force attacks.
• Regularly change your password in case it is compromised.
• Never include personal information in passwords like name, date of birth, mobile
number, etc. which makes it easier for attackers to guess correctly.
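The detection the slides describe (the system notices many failed login attempts and locks the account) as an added Python example that is not from the original slides; the authentication log lines, the thresholds and the IP addresses are all constructed.

```python
"""Failed-login burst detection with account lockout.

Added example, not from the original slides. It replays a constructed,
chronologically ordered authentication log (timestamp, username, source IP,
result) and applies the policy the slides describe: after too many failed
attempts on one account inside a short window the account is locked, and
further attempts, even with the correct password, are refused until the
lockout expires.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5                    # failures tolerated inside the window
WINDOW = timedelta(minutes=10)      # sliding window for counting failures
LOCKOUT = timedelta(minutes=15)     # how long the account stays locked

# Constructed sample log: one attempt per line, "time user source result".
SAMPLE_LOG = """\
2024-03-01T09:00:00 alice 203.0.113.7 fail
2024-03-01T09:00:02 alice 203.0.113.7 fail
2024-03-01T09:00:04 alice 203.0.113.7 fail
2024-03-01T09:00:06 alice 203.0.113.7 fail
2024-03-01T09:00:08 alice 203.0.113.7 fail
2024-03-01T09:00:10 alice 203.0.113.7 fail
2024-03-01T09:00:12 alice 203.0.113.7 success
2024-03-01T09:05:00 bob 198.51.100.4 fail
2024-03-01T09:05:30 bob 198.51.100.4 success
2024-03-01T09:20:00 alice 192.0.2.9 success
"""


def parse_log(text: str):
    """Yield (timestamp, user, source, result) tuples from the log text."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, source, result = line.split()
        yield datetime.fromisoformat(ts), user, source, result


def replay(text: str):
    """Replay the log and return (decisions, alerts).

    decisions maps each line index to 'allow', 'deny' or 'locked';
    alerts lists one (timestamp, user, source) per lockout triggered.
    """
    failures = defaultdict(deque)   # user -> timestamps of recent failures
    locked_until = {}               # user -> time the lock expires
    decisions, alerts = {}, []
    for i, (ts, user, source, result) in enumerate(parse_log(text)):
        if user in locked_until and ts < locked_until[user]:
            decisions[i] = "locked"      # refused regardless of the password
            continue
        if result == "success":
            decisions[i] = "allow"
            failures[user].clear()       # a good login resets the counter
            continue
        decisions[i] = "deny"
        window = failures[user]
        window.append(ts)
        while window and ts - window[0] > WINDOW:
            window.popleft()             # drop failures that fell out of the window
        if len(window) > MAX_FAILURES:
            locked_until[user] = ts + LOCKOUT
            alerts.append((ts, user, source))
            window.clear()
    return decisions, alerts
```

The alert carries the source address so the analyst can see that the later successful login from 192.0.2.9, after the lock expired, came from a different origin than the burst.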
2.1.2 Guessing Password: Continue…..
3. Key logger Attack:
• Key loggers are malicious software made with the purpose to record all the
keystrokes of the user and report them back to the hacker.
• Mostly, the user installs software from unofficial sources believing it to be
legitimate, but that software installs key loggers without the user knowing it. This
results in all the keystrokes being recorded and reported to the hacker; in many
cases, the hacker is able to guess the password easily.

• Prevention:
• Regularly update your software for security patches.
• Buy antivirus software from a reputed company and have a system scan from
time to time.
• Make sure you don’t plug in unknown media devices like pen drives.
2.1.2 Guessing Password: Continue…..
4. Man-in-the-middle attack:
• Basically, in these types of attacks, the hacker intercepts the original connection
between the user and the web app/server (or gets access to a compromised system)
and acts as a middleman between the client and the server.
• In this way, the hacker has access to the information passing between the client
and server, including passwords.
2.1.2 Guessing Password: Continue…..
• Prevention:
• Ensure you have a strong password and two-factor authentication turned on.
• Make sure your router is encrypted.
• Avoid using public Wi-Fi and use a VPN for proper encryption of traffic.
• Make sure the web application you are using is secure and follows HTTPS
protocol.

5. Credential Stuffing Attack:
• Every so often we get to know about data breaches of various websites, and the
hacker takes advantage of this.
• Generally, some people do not change their passwords frequently, or if they do,
the new one is quite similar to the old one. So, when a data breach occurs, the
hackers try to find your records in the breach and attempt to gain access to your
account by trying different permutations of the leaked password.
2.1.2 Guessing Password: Continue…..
• Prevention:
• Regularly monitor your account for unusual activity.
• Check whether your credentials were ever involved in data breaches.
• Regularly change your password in case it is compromised.
• Have a complex password and make sure they aren’t similar to older ones.
• Make sure your browser or device doesn’t save your passwords, so it is not leaked
in case your device is lost.
2.1.3 Password Attacks:
1. Piggybacking:
• It is using a wireless connection to access an internet connection without
authorization.

• Its objective is to gain free network access which is often exploited to attempt
malicious activities like data breaching and dissemination(spreading) of malware.

• It can also lead to slower internet speed for all the systems connected to the
network. 

• Even if piggybacking isn’t attempted with malicious intent, it’s still illegal because
the user is taking undue advantage of a service they haven’t paid for.
How Does Piggybacking Work?
• Piggybacking attacks were easier and more common in the past because Wi-Fi
networks were unencrypted.
• Anyone within the signal’s range could access a network without entering a
security password. So, hackers just had to be in the range of a wi-fi hotspot’s
signal and select the chosen network from the options presented.
• However, in today’s date, most Wi-Fi networks are encrypted and secured with
passwords, making these attacks more challenging and less common.
• It’s still possible for threat actors to access a network if they have the password or
can crack the encryption.

• Piggybacking Security: How to Prevent Piggybacking?
1. Use Multi-Layered Security For Restricted Areas:
• Use biometrics to add an extra layer of security against piggybacking. 
• This will restrict hackers from accessing your network quickly.
Piggybacking Attack Prevention Continue…
2. Update Anti-Malware and Anti-Virus Software:
• Ensure your anti-malware and anti-virus programs are updated and patched.
• This will protect your data even if perpetrators gain access to your IT infrastructure.
3. Protect Login Credentials:
• Login credentials are beneficial to hackers, so they are always looking for them. They
deploy various social engineering techniques to obtain them.
• You can use multi-factor authentication for additional security. 
4. Educate Your Employees:
• Schedule cyber security awareness training for employees of all seniority levels.
• It’s a cost-effective and practical way to prevent attacks like tailgating and
piggybacking. 
• Ensure each employee is well trained to understand the role they play in responding
to and reporting threats.
Piggybacking Attack Prevention Continue…
5. Use Encryption:
• WPA and WPA2 are robust encryption systems that can be used to minimize the
probability of attackers intercepting a communication.

6. Use a Password:
• Set a strong password that has to be used to access the wi-fi connection of your
workplace. Also, change the default password that comes with your router and use
something that isn’t too obvious to crack. You can use password-managing tools for this.

7. Avoid Broadcasting Your Wireless Network’s Name:
• Don’t broadcast your wireless network or SSID to passers-by. Instead select an
unguessable SSID name to make it harder for hackers to crack the password.

8. Restrict Internet Access to Specific Hours:
• Buy Wi-Fi routers that allow you to configure internet access to only specific hours of the
day. This will minimize the chances of becoming a victim of piggybacking attacks.
2. Shoulder Surfing Attack:
• A shoulder surfing attack describes a situation where the attacker can physically
view the device screen and keypad to obtain personal information.
• It is one of the few attack methods requiring the attacker to be physically close to
the victim to succeed.
• While it might be as simple as looking over the victim’s shoulder as the name
suggests, some attackers will use binoculars, miniature video cameras, or other
optical devices to spy on their victims.
• The goal is to obtain information such as usernames and passwords, personally
identifiable or sensitive information, and credit card numbers.
• While most shoulder surfing attacks will occur with malicious intent, some might
result from nosy people, where it is more an invasion of privacy.
How Shoulder Surfing Attack Works:
• Most shoulder surfing attacks are straightforward: the attacker positions themselves
so that they can view the victim’s device screen and the keyboard or keypad if
necessary. As the victim enters and views information on the device, the attacker
records this data.
• The attacker is likely writing or typing the information somewhere in an equally
straightforward manner. Still, more sophisticated attacks may use optical devices,
so they don’t need to be looking over the victim’s shoulder and aren’t as easily
detected.
• An attack where the attacker has installed some kind of reading device to steal
information (such as a skimmer on an ATM), or an attack where the hacker can
view your screen and your entries remotely, is not a shoulder surfing attack, since
these attacks happen remotely.
Examples Shoulder Surfing Attack:
• While you were using an ATM, someone positioned themselves in such a way that
allowed them to watch you enter your PIN.
• In a rush, you leave the ATM with your card and money without making sure the
session has fully exited from your account. If the ATM doesn’t require the card to be
inserted for the entire transaction, further transactions are permitted when you don’t
confirm that you have no other transactions to make, as long as the attacker knows the PIN.
• Crowded public transit makes it easy for attackers to see the device screens of others
or hear conversations of others. In these cases, they’re literally looking over the
victim’s shoulder.
• The victim accidentally leaves their device unattended in a public place. Having
watched the victim enter their password into their computer just moments before, the
attacker can unlock the device with this information, putting any sensitive data on the
computer at risk.
How to Protect Yourself from Shoulder Surfing Attacks
1. Eliminate passwords: The ONLY way to ensure the prevention of password-based
attacks is through eliminating passwords. 

2. Add a privacy screen to your devices: Using devices with attached privacy
screens dramatically lessens the risk of data disclosure. Some glass protector
manufacturers have versions with a privacy screen included, which not only
protects your phone’s glass but the information on your phone, too.

3. Always be aware of your surroundings: In public places, don’t let your guard
down. Attackers gravitate to those that they see as the easiest. If you’re
distracted, you may not notice someone is watching you and what you’re
entering into the device or the ATM.

4. Use biometric authentication instead: Biometric authentication, either using
your fingerprint or face, can offer additional security that a PIN cannot. Since the
attacker never sees you enter a physical PIN, they can’t log into the device.
3. Dumpster Diving Attack
• Dumpster diving is the process of searching trash to obtain useful information
about a person/business that can later be used for hacking purposes.
• This attack mostly targets large organizations or businesses to carry out phishing
(mostly) by sending fake emails to the victims that appear to have come from a
legitimate source.
• The information obtained by compromising the confidentiality of the victim is
used for identity fraud.
• What does a hacker look for?
• Email address/address
• Phone numbers to carry out Vishing
• Passwords and other social security numbers that we might have written on
sticky notes for our convenience
• Bank statements/financial statements
• Medical records
• Important documents
• Account login credentials
• Business secrets
• Marketing secrets
• Information of the employee base
• Information about the software/tools/technologies that are being used at the company.

• Prevention:
1. Destroy any CDs/DVDs containing personal data.
2. In case you no longer need your PC, make sure you have deleted all the data so that it
can’t be recovered.
3. Use of firewalls can prevent suspicious Internet users from accessing the discarded data.
4. Paper documents should be permanently destroyed/shredded.
5. Companies should lock waste bins and should have a safe disposal policy.

 
2.2 Biometrics:
2.2.1 What is Biometrics?
• Biometrics is the measurement of biological or behavioral features which are used for
identification of individuals. Most of these features are inherent and cannot be
guessed or stolen.

2.2.2 Biometric System: It is a system that takes an individual’s physiological,
behavioral or both traits as input, analyzes it and identifies the individual as a
legitimate or malicious user.

2.2 Biometrics: Continue…….
• The biometric feature being used must be available in the database for all
individuals in the community before the feature can be used for authentication.
This is called enrollment. 
• Authentication can be in one of the following forms :

1. Identification:
Matching an individual’s features against all records to check whether his/her record is
present in the database.

2. Verification:
To check whether the person is who he/she is claiming to be. In this case the features
of the person are matched only with the features of the person they claim to be.

2.2.3 Types of Biometrics: 

There are two broad categories of biometrics:

1. Physiological Biometrics

2. Behavioral Biometrics

1. Physiological Biometrics:
• Physical traits(characteristics) are measured for identification and verification in
this type of biometrics.
• The trait should be chosen such that it is unique among the population, and
resistant to changes due to illness, aging, injury, etc. 

2. Behavioral Biometrics:
• Traits of human behavior are measured in this case. Monitoring is required in this
type of biometrics to prevent impersonation by the claimant.
• For example typing rhythm, gait(walk), signature and voice.
2.2.3.1 Physiological Biometric Techniques:
1. Fingerprint:
• Fingerprints are unique for every individual. They can be measured in several
ways.
• Minutiae-based measurement uses graphs to match ridges, whereas image-based
measurement finds similarities between the individual’s fingertip image and
fingerprint images present in the database.
• It has a high level of security and is used both for identification and verification.
However, due to old age or diseases/injury, fingerprints may get altered.
• Common usage: in mobiles for verification, in offices for identification.

2.2.3.1 Physiological Biometric Techniques: 
2. Facial Recognition:

• Features of the face like distance between nose, mouth, ears, length of face, skin
color, are used for verification and identification.
• Accuracy can be affected by fog, sunglasses, aging, etc.

3. Iris and Retina:
• Patterns found in the eye are unique and can be used for both identification and
recognition.
• Devices to analyze retina are expensive and hence it is less common. Diseases like
cataract may alter iris patterns.

4. Voice Recognition:
• The pitch, voice modulation, and tone, among other things are measured.
• The accuracy can be hindered due to the presence of noise, or due to aging or
illness.

5. DNA:
• DNA is unique and persistent throughout lifetime.
• Thus security is high and can be used for both identification and verification.
2.2.3.2 Behavioral Biometric Techniques:
• Behavioral Biometrics:
• Traits of human behavior are measured in this case. Monitoring is required in this
type of biometrics to prevent impersonation by the claimant.

1. Signature: Signature is one of the most commonly used biometrics.
• They are used to verify checks by matching the signature on the check against the
signature present in the database.
• Signature tablets and special pens are used to compare the signatures.
• The duration required to write the signature can also be used to increase accuracy.
Signatures are mostly used for verification.

2. Keystroke Dynamics: This technique measures the behavior of a person when
typing on a keyboard. Some of the characteristics taken into account are:
– Typing speed.
– Frequency of errors
– Duration of key depressions
2.2.4 Biometric Security Mechanism:
• Biometrics refers to the study of methods for uniquely recognizing humans based upon
one or more intrinsic physical or behavioral characteristics.
• Biometric identification is used on the basis of some unique physical attribute of
the user that positively identifies the user.
• Physiological traits are related to the shape of the body. For example: fingerprint,
face recognition, DNA, palm print, iris recognition.
• Behavioral traits are related to the behavior of a person. For example: typing
rhythm, gait, signature and voice.
• The first time an individual uses a biometric system is called an enrollment.
• During the enrollment, biometric information from an individual is stored.
• In the subsequent uses, biometric information is detected and compared with the
information stored at the time of enrollment.
2.2.4 Biometric Security Mechanism: Continue….
Figure: Biometric Security Mechanism (block diagram with the components Sensor,
Preprocessing, Feature extractor, Template generator, Matcher, Stored templates,
Application device and Enrollment).

2.2.4 Biometric Security Mechanism: Continue….
Step 1) The first block (sensor) is the interface between the real world and the
system; it has to acquire all the necessary data.

Step 2) The second block performs all the necessary preprocessing.

Step 3) The third block extracts the necessary features. This is an important step, as
the correct features need to be extracted in the optimal way.

Step 4) If enrollment is being performed, the template is simply stored somewhere
(on a card or within a database or both). If a matching phase is being performed, the
obtained template is passed to a matcher that compares it with other existing
templates, estimating the distance between them using any algorithm. The matching
program will analyze the template with the input. This will then be output for any
specified use or purpose.
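The enrollment and matching steps above, together with the identification (1:N) and verification (1:1) forms from section 2.2, as an added Python example that is not from the original slides; the 32-bit templates, the bit flips standing in for sensor noise and the threshold are constructed assumptions, not any real extractor's output.

```python
"""Enrollment, verification (1:1) and identification (1:N) with a distance matcher.

Added example, not from the original slides. A real feature extractor would
turn a sensor image into a template (an iris code, a minutiae set, ...); here
the templates are constructed 32-bit codes and a fresh capture of the same
person is simulated by flipping a few bits, standing in for sensor noise. The
matcher is Hamming distance against a fixed threshold, which is the
"estimating the distance between them" step of the block diagram.
"""
from dataclasses import dataclass, field


@dataclass
class BiometricSystem:
    threshold: int = 6                               # max differing bits for a match
    templates: dict = field(default_factory=dict)    # stored templates: user -> code

    def enroll(self, user: str, template: int) -> None:
        """Enrollment: store the template generated from the first capture."""
        self.templates[user] = template

    @staticmethod
    def distance(a: int, b: int) -> int:
        """Hamming distance between two 32-bit templates."""
        return bin(a ^ b).count("1")

    def verify(self, claimed_user: str, probe: int) -> bool:
        """1:1 check: does the probe match the stored template of the claimed identity?"""
        stored = self.templates.get(claimed_user)
        return stored is not None and self.distance(stored, probe) <= self.threshold

    def identify(self, probe: int):
        """1:N search: the enrolled user closest to the probe, or None if nobody
        is within the threshold."""
        best_user, best_dist = None, None
        for user, stored in self.templates.items():
            d = self.distance(stored, probe)
            if best_dist is None or d < best_dist:
                best_user, best_dist = user, d
        if best_dist is None or best_dist > self.threshold:
            return None
        return best_user


def noisy_capture(template: int, flip_bits) -> int:
    """Simulate a new capture of the same trait by flipping the given bit positions."""
    for pos in flip_bits:
        template ^= 1 << pos
    return template


# Constructed 32-bit templates for three enrolled users.
ENROLLED = {"alice": 0xA5A5F00F, "bob": 0x3C3C0FF0, "carol": 0xFFFF0000}


def demo() -> dict:
    """Enroll the sample users, then run two verifications and two identifications."""
    system = BiometricSystem()
    for user, template in ENROLLED.items():
        system.enroll(user, template)
    alice_again = noisy_capture(ENROLLED["alice"], [0, 5, 17])   # 3 bits differ
    stranger = 0x12345678                                        # never enrolled
    return {
        "verify_alice": system.verify("alice", alice_again),      # True
        "verify_bob_as_alice": system.verify("bob", alice_again),  # False
        "identify_alice": system.identify(alice_again),           # "alice"
        "identify_stranger": system.identify(stranger),           # None
    }
```

The threshold trades false rejections against false acceptances: raising it lets noisier captures through but also brings strangers closer to a match, which is why the slides note accuracy suffering under injury, noise or aging.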

 
2.2.5 Advantages of Biometric Security:
• Benefits of using a Biometric system over traditional authentication systems:
1. Invariant: Biometric traits are invariant over time; smart cards get damaged
over time but biometric traits don’t.

2. Accountability: If there is a security breach, then biometrics establishes who the
responsible person for the breach is, whereas in traditional methods smart cards can
be stolen and used by someone else. Hence, the accountable person is easily
identifiable nowadays by using biometrics.

3. Easy to use: Biometric systems are easy to use.

4. Convenient: The user doesn’t have to remember passwords and PINs or keep
smart cards safe like before.

5. More secure: Biometric traits can’t be stolen or copied.

2.3 Access Control:
• Access control is an essential element of security that determines who is allowed
to access certain data, apps, and resources—and in what circumstances.
• In the same way that keys and pre-approved guest lists protect physical spaces,
access control policies protect digital spaces.
• It is a fundamental concept in security that minimizes risk to the business or
organization.

• Types of Access Controls:
• There are two types of access control: physical and logical.

1. Physical access control limits access to campuses, buildings, rooms and physical IT
assets.

2. Logical access control limits connections to computer networks, system files and
data.

2.3 Access Control: Continue…..
• To secure a facility, organizations use electronic access control systems that rely
on user credentials, access card readers, auditing and reports to track employee
access to restricted business locations and proprietary areas, such as data
centers.
• Some of these systems incorporate access control panels to restrict entry to
rooms and buildings, as well as alarms and lockdown capabilities, to prevent
unauthorized access or operations.
• Logical access control systems perform identification,
authentication and authorization of users and entities by evaluating required
login credentials that can include passwords, personal identification
numbers, biometric scans, security tokens or other authentication factors.
• Multifactor authentication (MFA), which requires two or more authentication
factors, is often an important part of a layered defense to protect access control
systems.
2.3.1 Why is access control important?
• The goal of access control is to minimize the security risk of unauthorized access
to physical and logical systems.
• Access control is a fundamental component of security compliance programs that
ensures security technology and access control policies are in place to protect
confidential information, such as customer data.
• Most organizations have infrastructure and procedures that limit access to
networks, computer systems, applications, files and sensitive data, such as
personally identifiable information and intellectual property.

2.3.2 Access Control Models / Access Control Policies:
• Different access control models are used depending on the compliance
requirements and the security levels of information technology that is to be
protected.

2.3.2 Access Control Models / Policies:
1. Mandatory access control (MAC):
• This is a security model in which access rights are regulated by a central authority
based on multiple levels of security.
• Often used in government and military environments, classifications are assigned
to system resources and the operating system or security kernel.
• MAC grants or denies access to resource objects based on the information
security clearance of the user or device.

2. Discretionary access control (DAC):
• This is an access control method in which owners or administrators of the
protected system, data or resource set the policies defining who or what is
authorized to access the resource.
• Many of these systems enable administrators to limit the propagation of access
rights. A common criticism of DAC systems is a lack of centralized control.
2.3.2 Access Control Models: Continue……
3. Role-based access control (RBAC):
• This is a widely used access control mechanism that restricts access to computer
resources based on individuals or groups with defined business functions (e.g.,
executive level, engineer level 1, etc.) rather than the identities of individual
users.
• The role-based security model relies on a complex structure of role assignments,
role authorizations and role permissions developed using role engineering to
regulate employee access to systems. RBAC systems can be used to enforce MAC
and DAC frameworks.
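The three policies (MAC, DAC, RBAC) as an added Python example that is not from the original slides: each class answers "may this user perform this action on this object?", with constructed users, objects, levels and roles; for MAC the concrete rules used are the Bell-LaPadula ones (no read up, no write down), which the slides do not name.

```python
"""DAC, MAC and RBAC decisions side by side.

Added example, not from the original slides. Each class answers one question:
may `user` perform `action` on `obj`? Users, objects, levels and roles are
constructed sample data. For MAC the concrete rules are the Bell-LaPadula
ones (no read up, no write down), the classic multi-level mandatory policy.
"""

# Ordered security levels used by the MAC policy (constructed).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


class DAC:
    """Discretionary: the owner of each object controls its access list."""

    def __init__(self):
        self.objects = {}  # obj -> {"owner": user, "acl": {user: {actions}}}

    def create(self, owner, obj):
        self.objects[obj] = {"owner": owner, "acl": {}}

    def grant(self, actor, obj, grantee, action):
        """Only the owner may change an object's access list."""
        entry = self.objects.get(obj)
        if entry is None or actor != entry["owner"]:
            return False
        entry["acl"].setdefault(grantee, set()).add(action)
        return True

    def allowed(self, user, action, obj):
        entry = self.objects.get(obj)
        if entry is None:
            return False
        return user == entry["owner"] or action in entry["acl"].get(user, set())


class MAC:
    """Mandatory: a central authority labels users (clearance) and objects
    (classification); the users themselves cannot change the labels."""

    def __init__(self, clearance, classification):
        self.clearance = clearance            # user -> level name
        self.classification = classification  # obj -> level name

    def allowed(self, user, action, obj):
        subject = LEVELS[self.clearance[user]]
        target = LEVELS[self.classification[obj]]
        if action == "read":
            return subject >= target   # no read up
        if action == "write":
            return subject <= target   # no write down
        return False


class RBAC:
    """Role-based: permissions attach to roles, users are assigned roles."""

    def __init__(self, role_permissions, user_roles):
        self.role_permissions = role_permissions  # role -> {(action, obj)}
        self.user_roles = user_roles              # user -> {roles}

    def allowed(self, user, action, obj):
        return any((action, obj) in self.role_permissions.get(role, set())
                   for role in self.user_roles.get(user, set()))


def demo():
    """Build one instance of each policy and return a set of decisions."""
    dac = DAC()
    dac.create("alice", "report.docx")
    dac.grant("alice", "report.docx", "bob", "read")
    mac = MAC(clearance={"alice": "secret", "bob": "confidential"},
              classification={"plan.txt": "secret", "memo.txt": "unclassified"})
    rbac = RBAC(role_permissions={"engineer": {("read", "source"), ("write", "source")},
                                  "auditor": {("read", "source"), ("read", "logs")}},
                user_roles={"alice": {"engineer"}, "bob": {"auditor"}})
    return {
        "dac_bob_read": dac.allowed("bob", "read", "report.docx"),           # True
        "dac_bob_write": dac.allowed("bob", "write", "report.docx"),         # False
        "dac_bob_grants": dac.grant("bob", "report.docx", "carol", "read"),  # False: not owner
        "mac_bob_reads_secret": mac.allowed("bob", "read", "plan.txt"),      # False: no read up
        "mac_alice_writes_memo": mac.allowed("alice", "write", "memo.txt"),  # False: no write down
        "mac_bob_writes_secret": mac.allowed("bob", "write", "plan.txt"),    # True
        "rbac_bob_read_logs": rbac.allowed("bob", "read", "logs"),           # True
        "rbac_bob_write_source": rbac.allowed("bob", "write", "source"),     # False
    }
```

The DAC result for bob's grant attempt shows the "lack of centralized control" criticism from the other side: only owners decide, so no administrator sees or constrains how far rights spread.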

 
2.3.3 Principles of Access Controls:
• There are three main principles of Access Controls: Identification, Authentication
and Authorization.

1. Identification:
• Identification is the act of identifying a particular user, often through a
username. Authentication is the proof of this user’s identity, which is commonly
managed by entering a password. 
• Identification is the first step in most online transactions and requires a user to
“identify” themselves, usually by providing a name, email address, phone number,
or username.
• This is the process of someone saying that they are a certain person. 
• In an online environment, however, it can be difficult to verify that a person is
giving a real identity and that they are who they say they are. 
• Identities can be verified through providing more information, often a form of
government-issued ID.
2.3.3 Principles of Access Controls: Continue….
2. Authentication:
• The authentication process is a way for a user to prove that they are still the
person they claimed to be during the identification phase. The safest
authentication methods involve multi-factor authentication (MFA), which requires
the use of more than one form of authentication.
• Only after a user has been properly identified and authenticated can they then be
authorized access to systems or privileges.

3. Authorization:
• Authorization is the means of regulating who can access what.
• The authorization aspect assigns rights and privileges to specific resources.
2.3.4 Audit:
• The audit process gathers data about activity in the system and analyzes it to
discover security violations or diagnose their cause.
• Analysis can occur offline after the fact or online in real time. In the latter case,
the process is usually called intrusion detection.
• Audit has two components: the collection and organization of audit data and an
analysis of the data to discover or diagnose security violations.
• Audit data needs protection from modification by an intruder.
• Vast amounts of audit data can be recorded. Audit data tends to be captured at a
low level of abstraction.
• Analysis of audit data is often performed only when violations are suspected.
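The two audit components above (collecting records and analysing them), plus the requirement that audit data be protected from modification by an intruder, as an added Python example that is not from the original slides; the events are constructed, and the hash chain is one common way of making a log tamper-evident, not a mechanism the slides prescribe.

```python
"""Tamper-evident audit log with a separate analysis pass.

Added example, not from the original slides. Each record stores the SHA-256
of the previous record, so an intruder who edits, deletes or reorders an entry
after the fact breaks the chain, which verify() reports. The analysis pass
(failed logins per user) is the "discover violations" half of audit from the
slides. All events are constructed sample data.
"""
import hashlib
import json

GENESIS = "0" * 64  # stands in for "hash of the previous record" on the first entry


def record_hash(prev_hash: str, event: dict) -> str:
    """Hash of the previous link concatenated with the canonical JSON of the event."""
    payload = prev_hash + json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def append(log: list, event: dict) -> None:
    """Append a copy of the event, linked to the current tail of the chain."""
    prev = log[-1]["hash"] if log else GENESIS
    event = dict(event)
    log.append({"event": event, "prev": prev, "hash": record_hash(prev, event)})


def verify(log: list):
    """Walk the chain; return (True, None) if intact, else (False, index of first bad record)."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["prev"] != prev or rec["hash"] != record_hash(prev, rec["event"]):
            return False, i
        prev = rec["hash"]
    return True, None


def failed_logins_by_user(log: list) -> dict:
    """Analysis pass: count login events whose result is 'fail', per user."""
    counts = {}
    for rec in log:
        ev = rec["event"]
        if ev.get("type") == "login" and ev.get("result") == "fail":
            counts[ev["user"]] = counts.get(ev["user"], 0) + 1
    return counts


# Constructed sample events in the order they occurred.
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T09:00:00", "type": "login", "user": "alice", "result": "fail"},
    {"ts": "2024-03-01T09:00:05", "type": "login", "user": "alice", "result": "fail"},
    {"ts": "2024-03-01T09:01:00", "type": "login", "user": "bob", "result": "fail"},
    {"ts": "2024-03-01T09:02:00", "type": "login", "user": "alice", "result": "success"},
    {"ts": "2024-03-01T09:03:00", "type": "read", "user": "alice", "object": "payroll.xlsx"},
]


def build_sample_log() -> list:
    """Assemble the sample events into a fresh chained log."""
    log = []
    for ev in SAMPLE_EVENTS:
        append(log, ev)
    return log
```

The chain only helps if the intruder cannot simply recompute every later hash, so in practice the current tail hash is forwarded to a separate log host or signed with a key the audited system does not hold.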
