Cyber Security / Authentication Access Control

Authentication

1. Authentication is the process by which the server system / client system verifies a user's / process's identity.
2. Authentication uses a user name and password, cards, retina scans, voice recognition or fingerprints.
3. Client authentication by the server involves the server giving a certificate to the client through a third party.


Access Control

Access control is the process of restricting users' access by evaluating the required login credentials (user name, password, biometric scans, security tokens or other authentication factors).


Types of access control

| Access Control Type | Access Rights are Regulated By |
|---|---|
| Mandatory access control (MAC) | A central authority, based on multiple levels of security. Used in government and military environments. |
| Discretionary access control (DAC) | Owners / administrators, who set policies that define who / what is authorized to access the resource. DAC systems lack centralized control. |
| Role-based access control (RBAC) | Individuals / groups with defined business functions (executive, engineer level 1, etc.). It enforces MAC and DAC frameworks. |
| Rule-based access control | Rules defined by the system administrator, based on conditions (time of day / location), that govern access to resource objects. |
| Attribute-based access control (ABAC) | Policies and rules set based on attributes of users, systems and conditions of the system. |
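
The sketch below is an added example, not part of the original page. It evaluates one read request under each of the five models in the table so their different verdicts can be compared. All names, levels, roles and policies are constructed assumptions, and each model is reduced to a single check.

```python
from dataclasses import dataclass, field

LEVELS = {"public": 0, "confidential": 1, "secret": 2}  # constructed MAC levels
ROLE_PERMS = {  # constructed RBAC mapping: business function -> permissions
    "engineer level 1": {"read:design-doc"},
    "executive": {"read:design-doc", "read:budget"},
}

@dataclass
class User:
    name: str
    clearance: str
    roles: set = field(default_factory=set)
    attrs: dict = field(default_factory=dict)

@dataclass
class Resource:
    name: str
    label: str   # classification assigned by the central authority (MAC)
    owner: str
    acl: set = field(default_factory=set)   # users the owner granted access (DAC)
    attrs: dict = field(default_factory=dict)

def decide(user, res, hour, location):
    """Return each model's allow/deny verdict for one read request."""
    return {
        # MAC: clearance must be at or above the resource's level
        "MAC": LEVELS[user.clearance] >= LEVELS[res.label],
        # DAC: the owner, or anyone the owner put on the ACL
        "DAC": user.name == res.owner or user.name in res.acl,
        # RBAC: some role held by the user carries the permission
        "RBAC": any(f"read:{res.name}" in ROLE_PERMS.get(r, set()) for r in user.roles),
        # Rule-based: conditions on the request, independent of who asks
        "Rule-based": 9 <= hour < 18 and location == "office",
        # ABAC: user and resource attributes must match
        "ABAC": user.attrs.get("department") == res.attrs.get("department"),
    }

# Constructed sample data
alice = User("alice", "confidential", {"engineer level 1"}, {"department": "engineering"})
design = Resource("design-doc", "confidential", "alice", set(), {"department": "engineering"})
budget = Resource("budget", "secret", "bob", {"alice"}, {"department": "finance"})

if __name__ == "__main__":
    print(decide(alice, design, hour=10, location="office"))
    print(decide(alice, budget, hour=20, location="office"))
```

For the budget request only DAC allows access, because the owner added alice to the ACL; the other four models deny it for four different reasons.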



