Network Security is essential for Information Technology. Network security includes the protection of data communication in an integrated system or network against any unauthorized access, modification, disclosure, destruction etc.
Today we’ll talk about What Is Access Control In Network Security, along with some simple examples. In network security, any person who tries to harm or damage a computer is an “Attacker.” The action taken to protect that network is known as “Access Control.”
Access control aims to prevent attackers from accessing confidential information by maintaining confidentiality, integrity, and the availability of system resources. For this reason, user authentication and authorization based on the need-to-know principle should be done during every stage of logical access control implementation. The following section highlights What Is Access Control In Network Security at a glance.
Types of Access Control
There are mainly three types of Access Control:
1. Mandatory Access Control (MAC)
It controls user access to objects based on their clearance and need-to-know principle. MAC is the most restrictive type of access control.
2. Discretionary Access Control (DAC)
The owner of an object decides who gets access to it. It supports the principle of least privilege for tasks such as user account creation and security policy creation.
3. Object-Oriented Access Control (OOAC)
This type of access control is based on a role-based access control model: groups or roles are assigned permissions by the system administrator, without the knowledge or consent of the users in that group or function. It separates mechanism from policy, which gives more flexibility in process-oriented operations.
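As an added example (not part of the original article), the three decision models above reduced to small Python policy checks. The clearance levels, compartments, roles and sample subjects and objects are constructed for illustration.

```python
# Added example: minimal models of the three access-control types described above.
# Levels, compartments, roles and subjects/objects are constructed for illustration.
from dataclasses import dataclass, field

# Ordered sensitivity labels used by the MAC check
LEVELS = {"public": 0, "confidential": 1, "secret": 2}

@dataclass
class Subject:
    name: str
    clearance: str = "public"
    categories: frozenset = frozenset()   # need-to-know compartments held
    roles: frozenset = frozenset()

@dataclass
class Obj:
    name: str
    owner: str
    level: str = "public"
    categories: frozenset = frozenset()   # compartments the object is tagged with
    dac_grants: dict = field(default_factory=dict)  # user -> set of rights

def mac_allows(sub, obj, op):
    """MAC: the subject's clearance must dominate the object's label AND the
    subject must hold every compartment on the object (need-to-know).
    The operation is not used in this simplified model."""
    dominates = LEVELS[sub.clearance] >= LEVELS[obj.level]
    need_to_know = obj.categories <= sub.categories
    return dominates and need_to_know

def dac_allows(sub, obj, op):
    """DAC: the owner has full access and decides who else gets what."""
    if sub.name == obj.owner:
        return True
    return op in obj.dac_grants.get(sub.name, set())

# Role-based: permissions are attached to roles, roles to users
ROLE_PERMS = {"auditor": {"read"}, "editor": {"read", "write"}}

def rbac_allows(sub, obj, op):
    """RBAC: allowed if any of the subject's roles carries the operation."""
    return any(op in ROLE_PERMS.get(r, set()) for r in sub.roles)
```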
There is also a need for access control in a network organization to ensure that only authorized users gain access to computer systems and to prevent unauthorized users from accessing critical data. Safeguarding network security is essential. Check out our article “What Are The Basic Safeguards Of Network Security” for some basic safeguards.
Terminologies Related to Network Security
ACE (Access Control Entry)
It is the information that defines which users have been granted or denied what type of access.
ACEs are configured in an ACL as “Permit” or “Deny” entries for each corresponding user or group.
ACL (Access Control List)
To configure an ACL, we need pre-configured information about user rights and restrictions, entered either manually or through an Active Directory Group Policy Object (GPO). The system administrator sets up this list of permissions, and it determines which users network resources can be shared with.
LDAP (Lightweight Directory Access Protocol)
It is an open protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP)-based network. LDAP uses TCP ports 389 and 636 and UDP port 389 with SSL encryption.
Types of Access Control List (ACL)
The ACL we most commonly encounter in day-to-day use is that of the well-known file system “NTFS.” It has three types of permission entries:
1. Allow
When an administrator has configured this permission and it is set, only authenticated and authorized users can access the resource on which the ACL entry exists.
2. Deny
Also configured by the administrator; when this permission is set, an authenticated user who matches the Deny entry is refused access to the resource on which the ACL entry exists.
3. Explicit Deny
Suppose an explicit deny has been configured for a specific user or group of users. In that case, it overrides both Allow and Deny entries created for that user or for any other users in the same group as the explicitly denied user or group.
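As an added example (not code from the original article), a small evaluator for the three entry kinds just described, applying the precedence the text gives: an Explicit Deny overrides Allow and Deny entries for the user and for the groups the user belongs to, an ordinary Deny beats an Allow, and anything not explicitly allowed is denied. The ACE layout, the user-to-group directory and the sample ACL are constructed for illustration.

```python
# Added example: evaluating Allow / Deny / Explicit Deny entries on a resource.
# The ACE format, users, groups and file ACL below are constructed for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class ACE:
    principal: str      # user name or group name
    kind: str           # "allow", "deny" or "explicit_deny"
    rights: frozenset   # e.g. {"read", "write"}

# Constructed directory: user -> set of groups the user belongs to
GROUPS = {"alice": {"finance", "staff"}, "bob": {"staff"}, "eve": {"contractors"}}

def matching(acl, user):
    """ACEs whose principal is the user or one of the user's groups."""
    principals = {user} | GROUPS.get(user, set())
    return [ace for ace in acl if ace.principal in principals]

def check_access(acl, user, right):
    """Return (granted, reason). Explicit Deny is checked first, then Deny,
    then Allow; with no matching Allow the result is an implicit deny."""
    hits = matching(acl, user)
    for ace in hits:
        if ace.kind == "explicit_deny" and right in ace.rights:
            return False, f"explicit deny on {ace.principal}"
    for ace in hits:
        if ace.kind == "deny" and right in ace.rights:
            return False, f"deny on {ace.principal}"
    for ace in hits:
        if ace.kind == "allow" and right in ace.rights:
            return True, f"allow on {ace.principal}"
    return False, "no matching entry (implicit deny)"

# Constructed ACL for a payroll file: staff may read, finance may read and
# write, contractors are denied, and alice is explicitly denied write even
# though her finance group membership would otherwise allow it.
PAYROLL_ACL = [
    ACE("staff", "allow", frozenset({"read"})),
    ACE("finance", "allow", frozenset({"read", "write"})),
    ACE("contractors", "deny", frozenset({"read", "write"})),
    ACE("alice", "explicit_deny", frozenset({"write"})),
]
```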
Types of Security Controls
We have three different types of security controls working together to implement effective access control in a network organization, i.e., Authentication, Authorization, and Access Control.
Authentication
It ensures that we are indeed communicating with who we think we are communicating with (identity verification). It verifies whether the user is who he/she says he/she is.
For example, when logging into your bank account or social networking portal, you have to enter your username and password to log in. When doing that, the site verifies whether or not this information belongs to a natural person. This ensures that you can only use the services of that website if you own the email address that has been used in creating an account on this site.
Authorization
The verification process about specific privileges and access rights associated with a user’s identity (role or group).
For example, when we do online shopping using our credit cards, we might notice an option for authorizing additional payments beyond our usual purchase amount. This would grant us the authority to make that extra payment, which might be more than our usual expense for online shopping.
Access Control
It is the process of controlling what resources can be accessed by whom and in what circumstances. For example, if we go back to the previous scenario where you are doing online shopping with your credit card, then before making any transactions, you have been asked to provide a 3D secure password/PIN, which ensures that only you as the owner of the card will have access to purchase goods from this website. No one can use your information or device without your permission, even if they somehow acquire your card details.
Conclusion
In conclusion, defining ACL is a complicated process and requires proper knowledge of network security concepts. In brief, the access control list (ACL) is a set of rules that determine which users can access specified files or programs on a computer.