-
What is C.I.A.
- C= Confidentiality
- I= Integrity
- A= Availability
-
Access Control Types
Type I: What you know – Access control methods related to “what you know” include passwords, numeric keys, PINs, secret questions and answers, and so forth. Basically, Type I access control depends on the user knowing something in order to access the information.
Type II: What you have – You probably use this access control method every day without realizing it. A physical key is used to open a door to your house through a lock – a form of Type II access control. In information security terms, Type II access control methods may include physical keys or cards, smart cards, and other physical devices that might be used to gain access to something.
Type III: What you are – This form of access control is closely related to biometrics, or authentication by biological factors. Some high-tech systems may use fingerprints, retinal scans, or even DNA to ensure that a user is who he claims to be. This type of access control is considered the most secure because it requires that the user be physically present, whereas the other two can be compromised by theft of a password or a keycard.
-
The Workings behind Access Control
There are essentially three steps to any access control process.
1. Identification: Who is the user?
2. Authentication: Is the user who he says he is?
3. Authorization: What does the user have permission to do?
-
Methods of Access Control
MAC: Mandatory Access Control is a system in which a central administrator or administrative body dictates all access to information in a network or system. This might be used in high-security applications, such as information labelled "top-secret" by a government. Under MAC, subjects (the user or process requesting access) and objects (the item being requested) are each associated with a set of labels. When a subject requests access to an object, access is granted if the labels match and denied if they do not.
DAC: Discretionary Access Control is a system in which the owners of files determine who gets access to the information. In this system, a user who creates a sensitive file decides, at his own discretion, who can access that file. This is considered far less secure than MAC.
RBAC: Role-Based Access Control is a system in which the roles of users determine their access to files. For example, if Bob is a member of accounting, he should not be able to access the engineering files.
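The three steps (identification, authentication, authorization) and the three models (MAC, DAC, RBAC) in one small Python program, added here as an example and not part of the original notes; the users, passwords, files, labels and role table are constructed sample data, and the password hashing is deliberately simplified for the demo.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

def pw_hash(pw: str) -> str:
    # Demo only: unsalted SHA-256 keeps the example short; a real system uses a salted KDF.
    return hashlib.sha256(pw.encode()).hexdigest()

@dataclass
class Subject:                 # the user or process requesting access
    name: str
    secret: str                # hash of the Type I factor (what the user knows)
    label: str                 # MAC label (clearance)
    roles: set = field(default_factory=set)

@dataclass
class Obj:                     # the item being requested
    name: str
    owner: str
    label: str                 # MAC label (classification)
    acl: set = field(default_factory=set)   # DAC: names the owner chose to admit

# Constructed sample directory for the demo; not real accounts or files.
USERS = {
    "bob":   Subject("bob",   pw_hash("bob-pass"),   "confidential", {"accounting"}),
    "alice": Subject("alice", pw_hash("alice-pass"), "top-secret",   {"engineering"}),
}
FILES = {
    "ledger.xlsx": Obj("ledger.xlsx", "bob",   "confidential", {"alice"}),
    "design.cad":  Obj("design.cad",  "alice", "top-secret"),
}
ROLE_PERMS = {"accounting": {"ledger.xlsx"}, "engineering": {"design.cad"}}

def authenticate(username: str, password: str):
    """Steps 1 and 2: identify the claimed user, then verify the what-you-know factor."""
    user = USERS.get(username)                                    # identification
    if user is None or not hmac.compare_digest(user.secret, pw_hash(password)):
        return None                                               # authentication failed
    return user

def authorize(subject: Subject, obj: Obj, model: str) -> bool:
    """Step 3: is the authenticated subject permitted to reach obj under the chosen model?"""
    if model == "MAC":     # central labels must match, as the notes describe
        return subject.label == obj.label
    if model == "DAC":     # the owner decides: owner always allowed, plus anyone on the ACL
        return subject.name == obj.owner or subject.name in obj.acl
    if model == "RBAC":    # a role carries its own set of permitted objects
        return any(obj.name in ROLE_PERMS.get(r, set()) for r in subject.roles)
    raise ValueError(f"unknown access control model: {model}")

def access(username: str, password: str, filename: str, model: str) -> bool:
    user = authenticate(username, password)   # identification + authentication
    return user is not None and authorize(user, FILES[filename], model)
```

Under RBAC, Bob from accounting is refused design.cad exactly as in the notes' example, while a wrong password fails at step 2 before any model is consulted.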