Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.
Access controls are the security features that block or control the ability of a user or system to communicate and interact with another system. Access controls manage access to computer systems, networks, Web servers, extranets, and a variety of other systems and devices. Access controls protect systems from unauthorized access and in most cases determine what levels of authorization are appropriate for a user or system that has been previously validated by an authentication system.
Access control starts with a logon procedure that attempts to identify and validate a user. The user provides some unique credentials such as a password, but fingerprint, voice, or eyeball scanning devices may also be used. A more common access control option is a smart card, which displays a unique access number that the user enters, along with some remembered logon information.
The easiest time for hackers to break into a system is during the logon process. Weak passwords, such as dog's names, are easily guessed by malicious users. Passwords should contain a combination of uppercase and lowercase characters such as "Qp&yTx." However, these are easy to forget, so "acronym passwords" are useful. For example, the complex password "Mbiot4oJ" is derived from "My birthday is on the 4th of July."
Network administrators can usually implement workstation and time restrictions (depending on the operating system) to prevent user access to specific systems at specific times of the day. For example, an administrator can restrict a user from logging on to all computers except the one in their office or from logging on to any computer after closing time. This prevents users from working on unsupervised systems or during off hours, when they could perform illegal activities like downloading the customer database and carrying it out the door.
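The following sketch shows how a workstation and time restriction check of this kind can be evaluated at logon. It is an added example, not code from the encyclopedia or from any particular operating system; the `LogonPolicy` record, its field names, and the sample users and host names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class LogonPolicy:
    # Hypothetical policy record; field names are assumptions for this example.
    workstations: frozenset   # hosts the user may log on from (lowercase)
    days: frozenset           # allowed weekdays, Monday=0 .. Sunday=6
    start: time               # logon window opens (inclusive)
    end: time                 # logon window closes (exclusive)

def in_window(policy, when):
    """True if `when` falls inside the policy's permitted logon hours."""
    t = when.time()
    if policy.start <= policy.end:      # same-day window, e.g. 08:00-18:00
        return when.weekday() in policy.days and policy.start <= t < policy.end
    # Window wraps past midnight, e.g. a 22:00-06:00 night shift.
    if t >= policy.start:               # evening part belongs to today
        return when.weekday() in policy.days
    if t < policy.end:                  # early-morning part belongs to yesterday's shift
        return (when.weekday() - 1) % 7 in policy.days
    return False

def check_logon(policies, user, workstation, when):
    """Return (allowed, reason). Users without a policy are denied by default."""
    policy = policies.get(user)
    if policy is None:
        return False, "no policy for user"
    if workstation.lower() not in policy.workstations:
        return False, "workstation not permitted"
    if not in_window(policy, when):
        return False, "outside permitted logon hours"
    return True, "ok"

# Constructed sample policies: an office worker and a night-shift operator.
POLICIES = {
    "alice": LogonPolicy(frozenset({"office-12"}), frozenset(range(5)),
                         time(8), time(18)),
    "nightop": LogonPolicy(frozenset({"noc-1", "noc-2"}), frozenset(range(5)),
                           time(22), time(6)),
}

if __name__ == "__main__":
    # 2024-01-01 is a Monday; the second attempt is after closing time.
    for hour in (9, 19):
        print(hour, check_logon(POLICIES, "alice", "office-12",
                                datetime(2024, 1, 1, hour, 0)))
```

The reason string returned on a denial is what an administrator would write to the audit log, so that repeated off-hours or wrong-workstation attempts can be reviewed.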
During logon, the system being accessed may do one of the following:
The latter method is the most secure because user IDs and passwords are stored on a server that is presumably in a secure physical location where it is professionally managed. The first is less secure because the computer itself holds the security information, which could be hacked by someone who gains physical access to the system.
This topic continues in "The Encyclopedia of Networking and Telecommunications" with the following topics:
Related topics include "Proxy Servers," "Firewall," "Remote Access," "NAS (Network Access Server)," "Directory Services," "Certificates and Certification Systems," "Security," "Auditing," and "Security Auditing."
Also see the following Internet RFCs:
RFC 1492 (An Access Control Protocol, Sometimes Called TACACS)
RFC 1825 (Security Architecture for the Internet Protocol, August 1995)
RFC 2138 (Remote Authentication Dial In User Service, April 1997)
Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.