Authentication, Authorization and Access Control (part 1)

We always need to know who is on our network and why they are gaining access to the system. In this lesson we look at authentication, authorization and access control in terms of account management and the administration of rights, permissions and password usage. We discuss the entire lifecycle: what happens at each stage of those processes, and where those processes take place during authentication, authorization and then access control.

[toggle_content title="Transcript"]

We always need to know who did what and when on our systems, so for that every user must have an account, or rather every entity must have an account, because sometimes it might be another system gaining access to a system, or a user gaining access to a system. So every entity must have an account. If you have an account to get onto the system, you have to identify yourself to the system. So the first step is identification. In the identification stage, which is the first step, the system or the user provides the user ID or an email address. The user ID or email address could also be known by many people, so it is not all that is required to gain access to the system; authentication needs to take place. If we ask ourselves, what is authentication? Authentication is the process by which the system verifies that you are who you say you are. So the system will take your ID and the credentials you submitted and check in the database; if access is permitted, the system will grant you access. If access is denied, the system will prevent access to the resources on the system. So this is how authentication takes place. If you are logging on to a local machine, authentication takes place in what we call the Security Accounts Manager. If you are logging on to the system on a domain, authentication takes place on the domain controller. When we authenticate to the system, we use authentication factors, i.e. a factor presented to the system to facilitate authentication.
There are several factors that could be used for this. One is something you know; here you provide a PIN (Personal Identification Number), a password or a passphrase. Sometimes we require only one authentication factor. The most common is something you know: you go to log on to your email, you put in your user ID to identify yourself to the system, then you put in your password. That is single-factor authentication. You are only authenticating with one factor, and in that case it is a password. A passphrase is a much longer form of a password; it is considered much more secure because there are many more characters in there, so a passphrase is also something you know. And finally the PIN (Personal Identification Number) is something you know. Another authentication factor is something you have; this involves the use of tokens. A token is a physical device in your possession: you press the button on there and it generates a number, you then key in the number to the system with some other requirements, and then you have access, or then you are able to complete the transaction. So it is a device in your possession. We have many types of tokens. Tokens could be cards issued: say you go to a hotel, this is your key, it's a token; if you need access to a facility you could use a proximity card, this is a token, something in your possession. A token could also be a USB device, so the organization will put your permissions and limitations or restrictions on that USB device. The token must be connected to the system; otherwise the system will not start. Your phone could also be considered a token; some organizations will send you information to that number they have on record for you, so only you, in possession of that device, have access to the information, and that is something in your possession. The cards we use at the ATM are also tokens, something you have.
Something you are: here you are using the physical attributes of a person to identify them; we call these biometrics. Biometrics involves using the physical attributes of a person to uniquely identify that person. We have fingerprints, we have hand geometry, we also have pupil pattern, retina pattern at the back of the eye, facial recognition and DNA, and these could be used to uniquely identify one person from another. Somewhere you are: location-based authentication. We can allow you to authenticate from regular systems in the enterprise but not at strategic systems, maybe at the help desk or at the receptionist or within the server room; that is somewhere you are. It could also be based on IP address, so the location where you are, by IP address, will determine where you can log on from. Something you do is also used as an authentication factor: we have signature dynamics, using pressure-sensitive plates or pads; we can measure the speed at which you write the signature and the pressure you exert on that pad. So even if someone else were to attempt to fake your signature, they could get the pattern right, but they can't exert the same pressure, nor could they get the same speed; so that is signature dynamics. For keyboard dynamics, we measure your properties on the keyboard. We have sensitive keyboards, specialized keyboards that can capture the time you move between the keys and how much time you spend on each key. The time with which you move between the keys we call your flight time, and the time spent on each key your dwell time. So several words are flashed across the screen and you type in those words; the keyboard will capture your flight time and your dwell time. So if someone else has access to the system, they flash the same words, and yes, they can type in the words correctly, but they couldn't match your flight time and your dwell time, so this could be used to uniquely identify you from those persons.
So having these authentication factors, we have to consider what we call single-factor authentication and multi-factor authentication. Something you know, let's call it A; something you have, B; something you are, C. For us to say single-factor authentication, you could be using A or B or C; you are using only one of them. That is single-factor authentication: where you are using either A or B or C, you are said to be doing single-factor authentication. Multi-factor authentication or two-factor authentication: you could be doing AB or BC or CA, and then it's considered two-factor authentication. It's also considered three-factor authentication, or multi-factor authentication, if you are doing A, B & C. It's not two-factor authentication if you are doing AA or BB or CC; so if the two factors come from A, it's not two-factor authentication. They must come from different lines to be considered multi-factor authentication. Look out for that on the exam, please. So you could be told that I sign in using my PIN and my password; that is still single-factor, because both items are in the same line. You could be told that I have two different tokens; that is still single-factor, because both items are in the same line. I could do hand geometry and retina pattern at the back of the eye, and both items are in the same line, so please watch out for that. Next we talk about authorization. Before the system allows access, your permissions are reviewed: are you a general user or are you an administrator, what should you have access to, what should be blocked. The system will review your permissions before you finally have access to the system. That way, if we need to lock down Control Panel, it's locked down; this is usually applied with Group Policy.
So if we need to lock down certain management interfaces, they are locked down, and only the things you are assigned or allowed would you have access to, based on the principle of least privilege. This principle dictates that our users have only the permissions they need to do their work, no more, no less. So authorization will also take place before you finally have access; then you are able to use the system, and you are restricted by the system in what you should do and what you shouldn't do, and this finally gives room for users to fully use the system.

[/toggle_content]
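As an added example (not part of the lesson or its transcript), the following Python models the A/B/C rule from the transcript: distinct factor categories are counted, so two credentials from the same line (PIN and password, two tokens, hand geometry and retina) stay single-factor, and an authorization step then applies least privilege together with a per-action factor policy. The credential names, the sample account and the policy are assumptions constructed for the example.

```python
# Added example, not from the Cybrary lesson: classify the credentials a user
# presents by factor category and apply the exam rule from the lesson that two
# credentials from the same category (PIN + password, two tokens) are still
# single-factor. Credential names, account and policy below are constructed.

# Category of each credential type: know (A), have (B), are (C), plus the
# "somewhere you are" and "something you do" factors the lesson mentions.
FACTOR_OF = {
    "password": "know", "pin": "know", "passphrase": "know",
    "otp_token": "have", "smart_card": "have", "usb_token": "have", "phone_code": "have",
    "fingerprint": "are", "hand_geometry": "are", "retina": "are", "face": "are",
    "ip_location": "where",
    "signature_dynamics": "do", "keystroke_dynamics": "do",
}

def factor_count(presented):
    """Number of DISTINCT categories among the presented credential types.
    Unknown names raise so a typo cannot silently inflate the count."""
    categories = set()
    for cred in presented:
        if cred not in FACTOR_OF:
            raise ValueError(f"unknown credential type: {cred!r}")
        categories.add(FACTOR_OF[cred])
    return len(categories)

def classify(presented):
    """'single-factor' if every credential comes from one line, else 'multi-factor'."""
    n = factor_count(presented)
    if n == 0:
        return "none"
    return "single-factor" if n == 1 else "multi-factor"

def authorize(account, action, presented, policy):
    """Authorization after authentication: least privilege means the action must be
    explicitly in the account's permissions, and the login must have used at least
    the number of distinct factors the policy requires for that action (default 1)."""
    if action not in account["permissions"]:
        return False
    return factor_count(presented) >= policy.get(action, 1)

# Constructed sample account and policy: opening a locked-down admin interface needs MFA.
ADMIN = {"name": "alice", "permissions": {"read_mail", "open_control_panel"}}
POLICY = {"open_control_panel": 2}

if __name__ == "__main__":
    print(classify(["pin", "password"]))                                          # single-factor
    print(classify(["password", "otp_token"]))                                    # multi-factor
    print(authorize(ADMIN, "open_control_panel", ["pin", "password"], POLICY))    # False
    print(authorize(ADMIN, "open_control_panel", ["password", "otp_token"], POLICY))  # True
```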