1 of 11

Access control

By,

Dr. SABENABANU A

2 of 11

What is Access Control

  • Access control is a security technique that regulates who or what can view or use resources in a computing environment.
  • It is a fundamental concept in security that minimizes risk to the business or organization.
  • Access control systems perform identification authentication and authorization of users and entities by evaluating required login credentials that can include passwords, personal identification numbers (PINs), biometric scans, security tokens or other authentication factors.

3 of 11

Why Access Control is Important

  • The goal of access control is to minimize the security risk of unauthorized access to physical and logical systems.
  • Access control is a fundamental component of security compliance programs that ensures security technology and access control policies are in place to protect confidential information, such as customer data.
  • Most organizations have infrastructure and procedures that limit access to networks, computer systems, applications, files and sensitive data, such as personally identifiable information (PII) and intellectual property.

4 of 11

How Access Control Works

  • These Access controls work by identifying an individual or entity, verifying that the person or application is who or what it claims to be, and authorizing the access level and set of actions associated with the username or Internet Protocol (IP) address.
  • Directory services and protocols, including Lightweight Directory Access Protocol (LDAP) and Security Assertion Markup Language (SAML), provide access controls for authenticating and authorizing users and entities and enabling them to connect to computer resources, such as distributed applications and web servers.
  • Organizations use different access control models depending on their compliance requirements and the security levels of information technology (IT) they are trying to protect.

5 of 11

Types of Access Control

  • There are two types of Access Controls

1. Physical Access Control

2. Logical Access Control

  • Physical access control limits access to campuses, buildings, rooms and physical IT assets
  • Logical Access Control Logical access control limits connections to computer networks, system files and data.

6 of 11

Access Control Models

  • There are various models are used in Access Controls
  • Mandatory access control (MAC).
  • Discretionary access control (DAC).
  • Role-based access control (RBAC).
  • Rule-based access control.
  • Attribute-based access control (ABAC)

7 of 11

Implementing Access Control

  • Access control is a process that is integrated into an organization's IT environment. It can involve identity management and access management systems.
  • These systems provide access control software, a user database, and management tools for access control policies, auditing and enforcement.
  • When a user is added to an access management system, system administrators use an automated provisioning system to set up permissions based on access control frameworks, job responsibilities and workflows.
  • The best practice of least privilege restricts access to only resources that employees require to perform their immediate job functions.

8 of 11

Challenges of Access Control

  • Many of the challenges of access control stem from the highly distributed nature of modern IT.

1.dynamically managing distributed IT environments;

2. password fatigue;

3. compliance visibility through consistent reporting;

4.centralizing user directories and avoiding application-specific silos.

5.data governance and visibility through consistent reporting.

9 of 11

Example of Access Control

10 of 11

11 of 11