Java Reference
system understands that no one but the actual user would know the password entered; therefore,
it is proven that the user trying to gain access to the system is really who he/she claims to be.
Authorization, on the other hand, can be defined as the process of giving someone permission to
do or have something; a system administrator defines for the system which users are allowed access
and what privileges they are assigned. Authorization is a mechanism that dictates what the user
can or cannot do in a system. Authorization defines the boundaries for a user in a system and
ensures that the user is able to perform only those tasks for which he/she has been assigned privileges.
Authentication and authorization are perhaps the most important aspects of information security.
Almost all concepts of information security revolve around the basic tenets of authentication
and authorization. Both these concepts come together to form access control. Access control is a
concept that can be termed as the ability to permit or deny the use of a particular resource by a
particular entity. Access control consists of authentication, which identifies the entity trying
to gain access to the system and establishes the authenticity of that entity. Access
control also consists of authorization, which dictates which resources an authenticated user has
access to and which he/she does not.
7.1.2 An Overview of Access Control
Access control, we have already learned, is the ability to permit or deny the use of a particular
resource by a particular entity. The nature of access control varies based on the environment it
is required for. For instance, physical access control might include armed guards, strong locked
gates, and passcode readers for doors. Network access control may include firewalls, intrusion
prevention systems, proxies, and so on.
For any access control mechanism to be successful, it is essential that three elements be in place:
Authentication
Authorization
Accountability
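The three elements can be seen working together in a single access-control gate. The following is an added example, not code from the original text: the class name, the permission strings, the sample user, and the use of PBKDF2 and an in-memory audit list (standing in for accountability) are all assumptions made for illustration.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class AccessControlDemo {
    // Hypothetical account record: salted password hash plus granted permissions.
    record Account(byte[] salt, byte[] hash, Set<String> permissions) {}
    private final Map<String, Account> accounts = new HashMap<>();
    private final List<String> auditLog = new ArrayList<>();   // accountability trail

    static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    void register(String user, char[] password, Set<String> permissions) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        accounts.put(user, new Account(salt, derive(password, salt), Set.copyOf(permissions)));
    }

    // Authentication: is the caller who he/she claims to be?
    boolean authenticate(String user, char[] password) throws Exception {
        Account a = accounts.get(user);
        boolean ok = a != null && MessageDigest.isEqual(a.hash(), derive(password, a.salt()));
        auditLog.add("authn user=" + user + " result=" + (ok ? "success" : "failure"));
        return ok;
    }

    // Authorization: may this authenticated user perform the task? Deny by default.
    boolean authorize(String user, String permission) {
        Account a = accounts.get(user);
        boolean ok = a != null && a.permissions().contains(permission);
        auditLog.add("authz user=" + user + " permission=" + permission + " result=" + (ok ? "allow" : "deny"));
        return ok;
    }

    public static void main(String[] args) throws Exception {
        AccessControlDemo ac = new AccessControlDemo();
        ac.register("alice", "correct horse".toCharArray(), Set.of("report:read"));  // constructed sample data
        if (ac.authenticate("alice", "correct horse".toCharArray())) {
            ac.authorize("alice", "report:read");     // allowed: privilege was assigned
            ac.authorize("alice", "report:delete");   // denied: privilege never assigned
        }
        ac.authenticate("alice", "guess".toCharArray());  // wrong password, still recorded
        ac.auditLog.forEach(System.out::println);
    }
}
```

Every decision, including denials and failed logins, is written to the audit trail, so each action can later be tied to a user. A production check would also derive a hash against a dummy record for unknown usernames so that response time does not reveal which accounts exist.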
7.1.2.1 Authentication
Authentication is the process of determining the identity of the user and verifying whether the
user is actually who he/she claims to be. Authentication is one of the most important aspects of
access control as it is imperative to identify and verify the user's credentials before allowing the
user access to the system or entity in question. For instance, several products have holograms
affixed to their packaging. This hologram is a unique symbol of a particular entity or a particular
product and this hologram identifies the product and also proves that the product is genuine and
not a fake product.
From an IT security perspective, authentication usually occurs with a username and password.
Each user of a system is provided with a unique username or user ID and a password. The
username/user ID is used to identify the user and the password is used to verify the user's identity and
authenticate him/her into a system. However, a password is not the only way of authenticating a
user. There are four different factors of authentication that can be used to identify and authenticate
a user into a system. They are as follows: