What Are Access Controls

Access controls are those security systems whose function is to determine who can use what, managing resources, users and permissions according to a series of criteria laid down previously by the system administrator. Access controls are applied in many types of situations, such as physical persons access to facilities, vehicle access to restricted areas, users access to computer systems, control of presence or schedule. Operation of access controls access controls are basically mechanisms which, in function of the identification and authentication of the user, or not authorized access to campuses, data or resources. Access controls play their task in several steps: identification: the user requesting access to the system, which requires some sort of credential that identify you, such as a password, user name, card or fingerprint, that will be subsequently validated the individual or not in the authentication process. Authentication: the system verifies the identity of the user, i.e., checks if the user is who he claims to be, checking the credentials provided by the user in the identification. Authorization: the system checks the permissions of the user and verifies whether it is authorized to access resources requested or to perform functions that aims to. Registration: access controls allow you to know who, what and when accessed, as well as who tries it, so you must save a complete record of all incidents in order to control its activity at all times. Methods of identification and authentication in access controls are used various methods of identification and authentication: systems based on something the user knows: as a password, username or PIN (Personal Identification Number, personal identification number).

Systems based on something the user has: as a card of identification, smart card (smartcard), barcode or USB device. Systems based on a physical characteristic user: this type of access controls are based on verified biometric patterns such as fingerprints, iris, retinal pattern, facial recognition or DNA recognition. Systems based on something the user does: as voice pattern, writing or signature. Systems based on location and schedule: access controls based on the time, logical or physical location of the person. These systems are not mutually exclusive and usually access controls combine several, for example, a card ID and a PIN. Methods of authorization at the stage of authorization of access controls, the system examines applications for users, and by applying a predefined rules, accept them or reject. To define these rules the system administrator assigns permissions in application of some type of security policies. There are many possible approaches in the security policies, such as MAC, DAC, RBAC, ACL, MLS, all denied, all authorized or least privilege.

Comments are closed.

© 2011-2024 RSAWS All Rights Reserved