
Access Control


Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.

Access controls are the security features that block or control the ability of a user or system to communicate and interact with another system. Access controls manage access to computer systems, networks, Web servers, extranets, and a variety of other systems and devices. Access controls protect systems from unauthorized access and in most cases determine what levels of authorization are appropriate for a user or system that has been previously validated by an authentication system.

Access control starts with a logon procedure that attempts to identify and validate a user. The user provides some unique credentials such as a password, but fingerprint, voice, or eyeball scanning devices may also be used. A more common access control option is a smart card, which displays a unique access number that the user enters, along with some remembered logon information.

The easiest time for hackers to break into a system is during the logon process. Weak passwords, such as a dog's name, are easily guessed by malicious users. Passwords should contain a combination of uppercase and lowercase characters, such as "Qp&yTx." However, these are easy to forget, so "acronym passwords" are useful. For example, the complex password "Mbiot4oJ" is derived from "My birthday is on the 4th of July."

Network administrators can usually implement workstation and time restrictions (depending on the operating system) to prevent user access to specific systems at specific times of the day. For example, an administrator can restrict a user from logging on to all computers except the one in their office or from logging on to any computer after closing time. This prevents users from working on unsupervised systems or during off hours. The reason for this is to prevent users from performing illegal activities like downloading the customer database and carrying it out the door.
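The workstation and time restrictions described above, as an added example (not from the encyclopedia or from any operating system's implementation): a default-deny logon check that also handles shifts running past midnight. The policy structure, user names, and host names are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class LogonPolicy:
    """Per-user logon restrictions (hypothetical structure for this example)."""
    workstations: frozenset  # hosts the user may log on from; empty set = any host
    start: time              # first permitted logon time
    end: time                # last permitted logon time
    days: frozenset          # weekdays on which a shift may begin, Monday = 0

def hours_ok(policy, when):
    """True if `when` is inside the permitted window, including windows that wrap past midnight."""
    t = when.time()
    if policy.start <= policy.end:
        return when.weekday() in policy.days and policy.start <= t <= policy.end
    # Wrapping window (e.g. 22:00-06:00): the early-morning part belongs to
    # the shift that started on the previous day.
    if t >= policy.start:
        return when.weekday() in policy.days
    if t <= policy.end:
        return (when.weekday() - 1) % 7 in policy.days
    return False

def check_logon(policies, user, workstation, when):
    """Return (allowed, reason). Users without a policy are denied."""
    policy = policies.get(user)
    if policy is None:
        return False, "no policy for user"
    if policy.workstations and workstation.lower() not in policy.workstations:
        return False, "workstation not permitted"
    if not hours_ok(policy, when):
        return False, "outside permitted hours"
    return True, "ok"

# Constructed sample data: an office worker tied to one desk during business
# hours, and a night operator allowed on any host for weeknight shifts.
POLICIES = {
    "jsmith": LogonPolicy(frozenset({"ws-office-12"}), time(8, 0), time(18, 0),
                          frozenset(range(5))),
    "nightop": LogonPolicy(frozenset(), time(22, 0), time(6, 0),
                           frozenset(range(5))),
}

if __name__ == "__main__":
    for user, host, when in [("jsmith", "ws-office-12", datetime(2001, 3, 6, 10, 0)),
                             ("jsmith", "ws-lobby-01", datetime(2001, 3, 6, 10, 0)),
                             ("nightop", "ws-noc-03", datetime(2001, 3, 10, 2, 0))]:
        print(user, host, when.isoformat(), check_logon(POLICIES, user, host, when))
```

Recording each denied attempt with its reason gives the auditing side a trail of off-hours or wrong-workstation logon attempts.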

During logon, the system being accessed may do one of the following:

  • It may run its own authentication procedure, comparing the user-supplied information with information it has stored in its own security databases.

  • It may hand off the authentication to a security server that handles all network authentications.

The latter method is the more secure because user IDs and passwords are stored on a server that is presumably in a secure physical location where it is professionally managed. The first is less secure because the computer itself holds the security information, which could be hacked by someone who gains physical access to the system.

This topic continues in "The Encyclopedia of Networking and Telecommunications" with the following topics:

  • Windows NT/Windows 2000 access controls
  • Novell NetWare access controls
  • UNIX access controls
  • DACLs (Discretionary Access Control Lists)
  • Access controls and directory services
  • Other access control systems

Related topics include "Proxy Servers," "Firewall," "Remote Access," "NAS (Network Access Server)," "Directory Services," "Certificates and Certification Systems," "Security," "Auditing," and "Security Auditing."

Also see the following Internet RFCs:

RFC 1492 (An Access Control Protocol, Sometimes Called TACACS)

RFC 1825 (Security Architecture for the Internet Protocol, August 1995)

RFC 2138 (Remote Authentication Dial In User Service, April 1997)

 




Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.
All rights reserved under Pan American and International copyright conventions.