Access Control Essay

538 words - 3 pages

In computer security, access control includes authentication, authorization and accountability. In access control models, the human users or software which execute actions are defined as subjects; while the resources or whatever which are intended to be protected from illegal access are designated objects.

Authentication is the process of verifying the credential provider claiming who he or she is. Before a subject open an account in online retailers or financial service firms, there is an initial step knew as identity proofing. That is, the subject must provide enough information to assert who you are. Right now there are three kinds of identity proofing , from simple to complex but with security assurance ascending. They are showed as follow:
1. Classic knowledge-based authentication (KBA), such as ...view middle of the document...

The credential used to identify the subject includes:
1. Something the subject knows, such as Personal Information Number (PIN)
2. Something the subject has, such as smart cards
3. Something the subject is, such as fingerprint
4. The location of the subject, such as inside or outside of a fire wall

Authorization determines whether a subject have permissions to manipulate the objects in the system. Generally there are three kinds of permissions.
1. Read
2. Write
3. Execute

Accountability is intended to keep a record or log about what happened to the system, meanwhile it provides fruitful information for maintenance and improvement. Rather than passively waiting for somebody reviewing the record, it sets up for an active alarm with predefined criteria or thresholds, know as clipping levels.

Access control technologies may be categorized into four main stream technologies.
1. Attribute-based Access Control, in which access is granted not based on the rights of the subject associated with a user after authentication, but based on attributes of the user. For example the claim could be “older than 18”. In this kind of access control, users can be anonymous as authentication and identification are not strictly required.
2. Discretionary Access Control, in which access is determined by the owner of the objects. Two important concepts in DAC are: ownership of the object, access rights and permission.
3. Mandatory Access Control, in which access is not determined by the owner of the objects, but by the system. This kind of access control is used for high confidential system with sensitive data. In MAC system, there are two prime questions with great concerns. One is the sensitivity label for data classification; the other is data import and export.
4. Role-based Access Control, in which access is determined by the system rather than the object owner.

Other Papers Like Access Control

Access Control Systems Essay

2942 words - 12 pages Abstract Access control systems were examined to determine if a network based system would be more reliable and beneficial. Two major systems were determined to be very beneficial to the company. In contrast, the systems would consume a great deal of resources in order to be put into full working order at all sites worldwide. Together these findings suggest that using a network based system can ultimately serve the company better and create

Access Control Methods for Companies Essay

614 words - 3 pages HOMEWORK #3 PART B 1. Shovels and Shingles is a small construction company consisting of 12 computers that have Internet access. For this scenario, I would implement Discretionary/Software controls. With software controls you can determine who has the appropriate permissions to access the 12 computers and with Discretionary Access Control (DAC) allows each user to control access to their own data. DAC is typically the default access

Cis 210 - Access Control System

1264 words - 6 pages CASE STUDY 1 Building an Access Control System As a member of the Information Security team at a small college, you have been made the project manager to install an access control system (ACS) in a dormitory. The ACS will automatically unlock the dormitory doors via an electronic proximity reader and integrate with an existing security camera system. The cameras are designed to face and rotate to record a person as they use their

Building An Access Control System

996 words - 4 pages attacker has gained access, the goal of the attack fails is they are unable to maintain control. Covering tracks once an attacker has violated a system will destroy all evidence of his or her attacks. You could eliminate Trojans, viruses, and worms to your devices before catastrophic damage to your computer systems make it impossible to fix. Theses malicious bugs use different entry points as mentioned earlier. Trojans are able to enter through

Unit 3 Discussion 1: Access Control Models

407 words - 2 pages 45,000 servers. All employees communicate using smart phones and e-mail. Many employees work from home and travel extensively. Role Based Access Control should be used in this scenario because this is a large company with employees who travel and work from home. The roles should be controlled by a Security Administrator who could provide different levels of security to individual users. There would be some overhead in startup to get up and running

It255 Assignment 3

299 words - 2 pages Melissa Burkhardt IT255 Unit 3 Assignment To begin designing a remote access control policy for The Richman Company, several configurations must take place. The Richman corp. uses In a Windows Server 2003-based native-mode domain, you can use the following three types of remote access policies: Explicit allow, the remote access policy is set to "Grant remote access permission" and the connection attempt matches the policy conditions,The

Unit 6 Assignment 6.3

602 words - 3 pages securing data, the first step is to apply an access control policy by creating an access control list (ACL) to help control and manage rights of the data and audits to data access. Using Active Directory in the MS server environment is ideal because a company could easily manage these ACLs that define access for a particular user, group, or system. Within the ACL there are a collection of access control entities (ACE), the three main types are access

Disaster Recovery Plan

590 words - 3 pages | Enhanced Security for Data Access | | Richard Edvalson 1/12/2014 | Contents I. Contents 1 II. Introduction 5 III. Access Control Layers 5 A. The Access Control Perimeter 5 B. Asset Containers 5 C. Workplace Perimeter 5 IV. Access Control Methods and Technical Strategies 5 A. Identification, Authentication, and Authorization 5 B. Logical Access Controls 5 1. Network Architecture Controls 5 2

Protection Scheme

670 words - 3 pages access control list made up with the names of all 5,000 users on it. In this paper I will be discussing and giving you a look into a protection scheme that could be used in an efficient way that will provide that protection to the system. There are certain techniques to protect the systems directories, files, and folders. Most Information Technology (IT) departments will set up appropriate file permissions on the files, set up certain tools to

File Management

807 words - 4 pages control scheme with each user assigned unique user identification number or user ID. Since the access control data is focused on one singular place, switching access control data is easier and there is less requirements for space. Regarding 5,000 users in a UNIX based schemes; an extended access control list is needed. This approach is supported by most of the modern UNIX and UNIX-based operating systems using the FreeBSD approach, whereas the

File Management

572 words - 3 pages File Management Duane Borchick POS/355 December 24, 2012 Paul Rouk File Management Considering a system that is to support 5000 users, but is only to allow 4990 of the users to have access to one file can be accomplished in a variety of different ways. There are two different options of how to complete this task that will be discussed in this paper. The first and most popular way to accomplish this task is to have an access control

Related Essays

Access Control Essay

1625 words - 7 pages 3 in a Series If you’d like to implement Network Access Control, no matter what architecture you select, you definitely want to start by building a small interoperability lab. In this white paper, we’ll give you some advice on what to think about before you get started, and outline what resources you’ll need to have in place in order to begin testing. Any NAC deployment must start by answering three critical questions: 1) What is my access

Access Control Policy Essay

542 words - 3 pages Associate Level Material Appendix F Access Control Policy Student Name: Christopher Waller University of Phoenix IT/244 Intro to IT Security Instructor’s Name: Romel Llarena Date: May 13, 2012 Access Control Policy Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems 1 Authentication Describe how and why

Access Control Policy Essay

1684 words - 7 pages Associate Level Material Appendix F Access Control Policy Student Name: Charles Williams University of Phoenix IT/244 Intro to IT Security Instructor’s Name: Tarik Lles Date: December 4, 2011 Access Control Policy Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems Access control is used to restrict operations, which authorized users can

Remote Access Control Policy Essay

912 words - 4 pages Remote Access Control Policy Definition What is remote access? Remote access is the ability to log onto a network from a distant location. What that means that a computer, a modem, and some kind of remote access software is required to connect to the network. But remote control refers to actually taking control of another computer, whereas remote access means that the remote computer has the ability to become a hot on the network. When you use