The user needs to identify different types of the Access Control through the system. They need to provide your identification stage to the system and an Authentication factor to the system.
The system will compare this data to the information in the database. If this is a match you will be allowed to go through the network system and if it does not the users access will be blocked. Authorization will check for your permissions to enter the network. It will check for the Access Control Lists, it will contain the details of the functions or list of permissions that you can perform.
ACCESS CONTROL MODEL
After verifying the identity the users are granted Access Control and authenticated to carry their request further. These users are then allotted the key to the door or the computer they need access to and nothing more than this.
The Access Control Model talks about the right level of control or permission to the users, enabling them to complete their jobs. The subject will try to access the object and hence the system will check for the permissions given to the subject. This model has four flavors,which are Mandatory Access Control, Role Based Access Control (RBAC),and the Discretionary Access Control (DAC). We should have a data classification so that the system controls who will have access to what. IF the subject tries to access the object(files, resources on the networks,etc.), the system will check the security level to determine whether the access should be allowed or denied.
In the Mandatory Access Control (MAC) model gives the owner the Management, Access Control but the end users will have no control over any settings that provide any privilege to anyone.
On the other hand, the Role Based model (RBAC), the access control is based on the position of the individual in an organization. The position already has an access control rather than deploying it with the names of the individuals. It is dictated by the rules, where there are no rules, every subject is allowed to traverse the network. This Access Control in the database depends on the role you play in the organization.
The Discretionary Access Control (DAC) is the least restrictive model. It authorizes the individuals with the complete control over any objects they own along with the programs associated with those objects. It depends on the discretion of the owners who can deny or allow the access to subjects.
Time of Day Restrictions
With the Time of Day restrictions, we have ability to limit the access to the facility, network devices, PC’s based on the day of the week or the time. We could restrain access to the facilities or computers on certain days of the week for some of the individual users or the collective group of the users. We could implement this on the server, thereby reducing the probability of the malicious attacks in some cases.
The Logical Access Control is processed into consideration with the Access Control Lists, Group Policies, Passwords, and Account Restrictions. With the Access Control Lists, the subject is either allowed or denied the permission to access the object. These permission range from “full access” to “read only” to “access denied”. But with the frequent changes that can take place in the ACLs, the system can get cumbersome and one may need to manage many objects.
Group policies allow for the centralized Management, Access Control to a network of computers using the Active Directory(the directory service of Microsoft). Passwords on the other hand, are the logical access control or the logical token. Use of the complicated passwords is a must to maintain the high level of security. The longer the password is, it is complicated to crack it.
We always need to know who did what and where. Every entity has an account gaining access to the system. Identification becomes the first step in which the user provides the email address or the password. But this can be known to many people and hence authentication is needed.