Access for everyone. Well, for everyone authenticated.

Have you ever been asked to enter your credentials when trying to access a website or some sort of information? Maybe to access your school’s webpage, your work’s site or a social network? By credentials I mean a username and password, or any combination of things used to authenticate yourself. This process is called authentication.

This is done to determine whether a person or thing is, in fact, who or what it claims to be. It is important, though, to distinguish between authentication and authorization. Being authenticated does not mean you have been granted permission to read, write and/or execute any file. The administrator is in charge of granting this permission. The administrator's granting of permissions, together with the process of checking a user account's permissions to access resources, is called authorization.

There exist different authentication factors like:

  • Knowledge factors: a category of authentication credentials consisting of information that the user knows, like a username and password.
  • Possession factors: a category of credentials based on items the user has with them, normally a hardware device or a mobile phone.
  • Inherence factors: a category of authentication credentials consisting of elements that are integral to the individual in question, in the form of biometric data.

On the other hand, access control is a security technique that can be used to regulate who or what can view or use resources in a computing environment. There are two main types of access control: physical (limits access to buildings, rooms, etc.) and logical (limits access to networks, data, etc.).

The four main categories of access control are:

  1. Mandatory access control
  2. Discretionary access control
  3. Role-based access control
  4. Rule-based access control

Access control systems perform different tasks:

  • Authorization
  • Authentication
  • Access approval
  • Accountability of entities
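
To make the difference between authentication and authorization concrete, here is a small Python sketch added for illustration (it is not from the original post). It walks one request through the four tasks listed above; the class name, user, file name and PBKDF2 iteration count are all assumptions made up for this example.

```python
import hashlib
import hmac
import os

def hash_password(password: str, salt: bytes) -> bytes:
    # Knowledge factor: store a salted, slow hash, never the password itself.
    # The iteration count is an assumption chosen for this example.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class AccessControl:  # hypothetical class, for illustration only
    def __init__(self):
        self.users = {}      # username -> (salt, password hash)
        self.grants = {}     # (username, resource) -> set of "r", "w", "x"
        self.audit_log = []  # accountability: every decision is recorded

    def add_user(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt))

    def grant(self, username, resource, perms):
        # The administrator's part of authorization: granting permissions.
        self.grants.setdefault((username, resource), set()).update(perms)

    def authenticate(self, username, password):
        # Unknown users get a dummy record so the same hashing work is done
        # and the comparison simply fails.
        salt, stored = self.users.get(username, (b"\x00" * 16, b""))
        return hmac.compare_digest(stored, hash_password(password, salt))

    def request(self, username, password, resource, perm):
        if not self.authenticate(username, password):
            decision = "deny:not-authenticated"
        elif perm not in self.grants.get((username, resource), set()):
            # Authenticated, but no permission granted for this action.
            decision = "deny:not-authorized"
        else:
            decision = "allow"  # access approval
        self.audit_log.append((username, resource, perm, decision))
        return decision

def demo():
    # Constructed sample data: one user allowed to read one file.
    ac = AccessControl()
    ac.add_user("alice", "correct horse")
    ac.grant("alice", "grades.txt", {"r"})
    decisions = [
        ac.request("alice", "wrong password", "grades.txt", "r"),
        ac.request("alice", "correct horse", "grades.txt", "r"),
        ac.request("alice", "correct horse", "grades.txt", "w"),
    ]
    return decisions, ac.audit_log
```

The third request is the case the post describes: the user proved who she is, but was never granted write permission, so access is denied and the denial is logged.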

In collaboration with:
