Letting the right users, and only the right users, into a system is a key security issue. This lesson covers the basics of access control.
Access control plays a major role in securing a network. We are going to look at the different ways of gaining access and how that access is controlled.
Identification vs Authentication
According to the book I’m using to study for the exam, knowing and understanding the difference between identification and authentication is critical to correctly answering the questions. So let’s get started.
Quite simply, identification means claiming an identity and authentication is proving it:
| Identification | Authentication |
|---|---|
| Saying you’re person XY | Showing a passport or ID with your picture and the name XY |
To prove your identity (authentication) there are multiple methods, but they all come down to these five factors:
- Something you know, like a PIN or PW
- Something you have, like an ID or Smartcard
- Something you are, like fingerprints
- Something you do, such as an action you need to take to complete authentication
- Somewhere you are
While the most commonly used methods only involve one factor (such as a PW or PIN), multifactor authentication (MFA) is becoming more popular. MFA involves two or more factors from the list above. Examples and a simple explanation of MFA can be found here.
Network Access Control
Network access control is more or less a way of continuously securing the network by enforcing the policies and guidelines that were established. Instead of doing it all by yourself, you use software and services to reach the goal of securing the network this way. One can be found here.
Tokens are used to identify and authenticate the user. They contain rights and access privileges of the bearer. A token is created every time a user starts a session and is destroyed at the end of it.
These are the protocols you need to know for the exam:
Again, get familiar with them; you don’t need to be an expert.
Make sure the passwords in your network are secure. The best practices include:
| Rule | Requirement |
|---|---|
| Length | Minimum of 8 characters |
| Complexity | Include uppercase, lowercase and special characters, plus a number. |
| Other | Must not contain the username or any part of the user’s full name |
Also make sure passwords expire every 42 days or more frequently, so that users have to change them. And make sure a user can’t simply reuse the same password again and again.
A generic account is an account that is shared between two or more users. The book’s recommendation on this subject is short: do not use them.
Privileges (Group-based and User-assigned)
In most systems you can assign privileges to users or groups. A while ago I wrote a mini series on this topic for Linux. You should read them briefly to become familiar with this topic:
They’re short posts called “Quickies” ;).
You can find a list of best practices on this post I wrote a while ago.