Access Control
"Going all the way back to early time-sharing systems, we systems people regarded the users,
and any code they wrote, as the mortal enemies of us and each other. We were like the police
force in a violent slum." ROGER NEEDHAM
Access control
In simple terms, access control is an authorization mechanism that decides whether a request to a system resource or function should be granted.
Why do we need it?
The obvious reason for controlling access is to prevent unauthorized access by someone who may steal or damage property or harm people.
Two additional reasons these systems are commonly deployed are:
1) Improving the productivity of employees.
2) Limiting exposure to liability.
Access Control process
The process starts when you tell the system who you are, and the system then proves that you are (or aren't) who you claim to be.
In security terms, this two-step process is called identification and authentication.
Identification & Authentication
1) Something you know.
The most familiar example is a password. The theory is that if you know the secret password for an account, you must be the owner of that account. There is a problem with this theory: You might give your password away or have it stolen from you.
2) Something you have.
Examples are keys, tokens, badges, and smart cards you must have to "unlock" your terminal or your account. The theory is that if you have the key or equivalent, you must be the owner of it. The problem with this theory is that you might lose the key, it might be stolen from you, or someone might borrow it and duplicate it.
3) Something you are.
Examples are physiological or behavioral traits, as used by all kinds of biometric systems, which basically compare your particular trait against the one stored for you and determine whether you are who you claim to be. Here are some:
   1) Thumbprint or fingerprint scanners are one of the oldest forms of biometrics and have been largely reliable when it comes to authentication.
   2) Face and voice recognition systems are similar to fingerprint scanners. Their ease of use makes them favorable, but a user's voice can be recorded and a face can be copied from a photograph, in some cases enabling third-party malicious access to systems.
   3) Iris and retinal scans are considered to be a more secure form of biometric authentication, since copying a person's retinal pattern is a much more difficult task than copying a fingerprint.
   4) Keystroke dynamics-based authentication systems: this technology measures a user's keystroke style and speed (words typed per minute, common errors, letter sequence) and stores that information in a system directory to be used in the future to authenticate a user. BioPassword Inc., Aladdin Knowledge Systems Ltd. and Deepnet Security Ltd. are three vendors that offer keystroke dynamics products.
Although biometric systems occasionally reject valid users and accept invalid ones, they are generally quite accurate. The problem with these authentication systems is that, on the whole, people aren't comfortable using them.
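The trade-off described above, where a biometric system sometimes rejects valid users and accepts invalid ones, shows up clearly in a small keystroke-dynamics matcher. This is an added example, not code from the original page or from any vendor named here; the timing samples, the mean absolute z-score distance and the thresholds are constructed assumptions for illustration.

```python
import statistics

# Constructed data: inter-key intervals (ms) while typing one fixed passphrase.
ENROLLMENT = [[120, 95, 140, 110, 130], [125, 90, 150, 105, 135],
              [115, 100, 145, 115, 125], [122, 92, 138, 108, 132]]
GENUINE = [[118, 96, 142, 112, 128], [127, 88, 152, 104, 137],
           [140, 110, 165, 125, 150],   # same user on an unfamiliar keyboard
           [121, 94, 144, 110, 131]]
IMPOSTOR = [[200, 160, 210, 180, 190], [90, 70, 100, 80, 95],
            [128, 100, 150, 116, 138],  # someone with a similar typing rhythm
            [150, 120, 170, 135, 160]]

def enroll(samples):
    """Build the stored template: per-interval mean and standard deviation."""
    columns = list(zip(*samples))
    means = [statistics.mean(c) for c in columns]
    # Floor the deviation (assumed 5 ms) so a very consistent typist
    # does not make every later attempt look like an outlier.
    stdevs = [max(statistics.stdev(c), 5.0) for c in columns]
    return means, stdevs

def distance(template, attempt):
    """Mean absolute z-score of an attempt against the stored template."""
    means, stdevs = template
    if len(attempt) != len(means):
        raise ValueError("attempt has a different number of timing features")
    return sum(abs(a - m) / s for a, m, s in zip(attempt, means, stdevs)) / len(means)

def verify(template, attempt, threshold):
    """Accept the claimed identity only if the attempt is close enough."""
    return distance(template, attempt) <= threshold

def error_rates(template, genuine, impostor, threshold):
    """Return (false reject rate, false accept rate) at this threshold."""
    frr = sum(not verify(template, g, threshold) for g in genuine) / len(genuine)
    far = sum(verify(template, i, threshold) for i in impostor) / len(impostor)
    return frr, far

if __name__ == "__main__":
    template = enroll(ENROLLMENT)
    for threshold in (1.0, 2.0, 6.0):
        frr, far = error_rates(template, GENUINE, IMPOSTOR, threshold)
        print(f"threshold={threshold}: false reject={frr:.2f} false accept={far:.2f}")
```

A strict threshold locks out the legitimate user on a bad day, while a loose one admits a similar typist, which is why a trait match like this is usually tuned per deployment and paired with a second factor.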