Access Control in Network Security

What is Access Control ?

Access control is where security engineering meets computer science. In the most basic sense, access control in network security is about determining who gets access to what stuff (files, directories, etc). 
The main function of access control is to control which active subject have access to which passive object using some specific access operation, where subjects are usually people or groups and objects are files or directories.

According to this, objects can be resources that are to be protected from unauthorized access, use, or disclosure. And the subject being the user/s or some non-person entities such as applications & services that the access controls apply to. Therefore, access controls in a more technical way are the tools, policies, and mechanisms that enables us to grant or restrict access to any organization’s digital resource, including everything from restricting or granting access to specific files and databases to IT systems.                                                                                                                                                                              So, these types of logical restrictions prevent unauthorized users from doing things they shouldn’t with someone's personal sensitive systems or data. Also, they help to prevent inadvertent exposure or disclosure of  any sensitive item.



The primary types of access control -

1) Mandatory access control (MAC): Mandatory access control establishes strict security policies for individual users and the resources, systems, or data they are allowed to access. These policies are controlled by an administrator; individual users are not given the authority to set, alter, or revoke permissions in a way that contradicts existing policies. 
Under this system, both the subject and the object must be assigned similar security attributes in order to interact with each other. 


2) Discretionary access control (DAC): Once a user is given permission to access an object, they can grant access to other users on an as-needed basis. This may introduce security vulnerabilities, however, as users are able to determine security settings and share permissions without strict oversight from the system administrator.


3) Role-based access control (RBAC): RBAC establishes permissions based on groups  and roles . Individuals can perform any action that is assigned to their role, and may be assigned multiple roles as necessary. Like MAC, users are not permitted to change the level of access control that has been assigned to their role.

Comments

  1. Kartik SainiDecember 27, 2020 at 7:55 PM

    Informative Blog.
    THE Content is fine tuned.
    ThankYou for Enlightening me.
    Hope You guys post more such blogs.✌️

    ReplyDelete

Post a Comment

Popular posts from this blog

Discretionary Access Control (DAC)

Image
What is Discretionary  access control (DAC) Discretionary access control (DAC) is a type of security access control that grants or restricts object access via an access policy determined by an object's owner group and/or subjects. DAC mechanism controls are defined by user identification with supplied credentials during authentication, such as username and password. DACs are discretionary because the subject (owner) can transfer authenticated objects or information access to other users. In other words, the owner determines object access privileges. Discretionary access control is commonly discussed in contrast to  mandatory access control  (MAC). Occasionally a system as a whole is said to have "discretionary" or "purely discretionary" access control as a way of saying that the system lacks mandatory access control. On the other hand, systems can be said to implement both MAC and DAC simultaneously, where DAC refers to one category of access controls that subje...
Read more

Mandatory Access Control (MAC)

Image
What is Mandatory access control (MAC) Mandatory access control (MAC) is a model of access control where the working framework gives clients access dependent on information secrecy and client leeway levels. In this model, access is conceded on a need-to-know premise: clients need to demonstrate a requirement for data prior to obtaining entrance. Macintosh is viewed as the most secure of all entrance control models. Access rules are physically characterized by framework executives and carefully upheld by the working framework or security piece. Customary clients can't change security credits in any event, for the information they've made.   With MAC, the process of gaining access looks like this : ·          The administrator configures access policies and defines security attributes: confidentiality levels, clearances for accessing different projects and types of resources. ·          The admi...
Read more

Role-Based Access Control (RBAC)

Image
  DEFINITION OF ROLE-BASED ACCESS CONTROL (RBAC) Role-based access control (RBAC) restricts network access based on a person's role within an organization and has become one of the main methods for advanced access control. The roles in RBAC refer to the levels of access that employees have to the network. Employees are only allowed to access the information necessary to effectively perform their job duties. Access can be based on several factors, such as authority, responsibility, and job competency. In addition, access to computer resources can be limited to specific tasks such as the ability to view, create, or modify a file. As a result, lower-level employees usually do not have access to sensitive data if they do not need it to fulfill their responsibilities. This is especially helpful if you have many employees and use third-parties and contractors that make it difficult to closely monitor network access. Using RBAC will help in securing your company’s sensitive data and...
Read more