ITEC4147›Access Control

Network SecurityTopic 5 of 24

Access Control

3 minread

535words

Beginnerlevel

📘 Access Control — Exam Notes (Network Security)

🔐 1. Definition

Access Control is the process of restricting and managing who can access resources (data, systems, networks) and what actions they can perform.

👉 Simple idea: It ensures that only authorized users get the right level of access.

🎯 2. Objectives of Access Control

Protect confidential data
Prevent unauthorized access
Ensure proper use of resources
Maintain accountability (track user actions)

🔑 3. Basic Concepts

🔹 Identification

User claims identity (e.g., username).

🔹 Authentication

Verifying identity.
Example: Password, fingerprint.

🔹 Authorization

Determines what access is allowed.

🔹 Accountability

Tracks user activities (logs, audits).

👉 These steps are often part of AAA (Authentication, Authorization, Accounting).

🧱 4. Types of Access Control Models

🔸 1. Discretionary Access Control (DAC)

Owner controls access to resources.
Example: File permissions in operating systems.

✔ Flexible ❌ Less secure

🔸 2. Mandatory Access Control (MAC)

Access controlled by system policies.
Based on security levels.

✔ Highly secure ❌ Less flexible

🔸 3. Role-Based Access Control (RBAC)

Access based on user roles.

Example:

Admin → full access
Employee → limited access

✔ Easy to manage

🔸 4. Attribute-Based Access Control (ABAC)

Access based on attributes:
- User
- Resource
- Environment

✔ Very flexible and dynamic

🔐 5. Authentication Methods

🔹 1. Something You Know

Password, PIN

🔹 2. Something You Have

Smart card, OTP

🔹 3. Something You Are

Biometrics (fingerprint, face)

👉 Multi-Factor Authentication (MFA) uses two or more methods.

🔑 6. Authorization Techniques

🔸 Access Control Lists (ACL)

List of permissions for users.

🔸 Capability Lists

Defines what a user can access.

⚠️ 7. Common Access Control Attacks

🔹 Password Attacks

Brute force
Dictionary attack

🔹 Privilege Escalation

Gaining higher access rights.

🔹 Session Hijacking

Stealing active session.

🛡️ 8. Access Control Principles

🔸 Least Privilege

Minimum access required.

🔸 Separation of Duties

Tasks divided among users.

🔸 Need to Know

Access only when necessary.

📊 9. Important Rules / Concepts

🔸 Strong Authentication Rule

Use MFA for better security.

🔸 Password Policy

Minimum 8–12 characters
Mix of letters, numbers, symbols

🖼️ 10. Diagram Descriptions

📌 Access Control Process

User → Authentication → Authorization → Resource

📌 RBAC Diagram

Users → Roles → Permissions

📌 MFA Diagram

Show:
- Password + OTP + Biometrics

🧾 11. Real-Life Examples

🔐 Logging into email using password + OTP (MFA)
🏢 Employees accessing files based on roles
🏦 Banking apps using biometric authentication
💻 Admin having more privileges than normal users

📝 Likely Exam Questions

Define access control and its importance.
Explain AAA concept.
Differentiate between authentication and authorization.
Describe DAC, MAC, and RBAC models.
What is multi-factor authentication (MFA)?
Explain access control principles.
What are ACLs?
Describe common access control attacks.
What is least privilege principle?
Write short notes on:

Biometrics
RBAC
MFA

📌 Quick Summary / Conclusion

Access control ensures only authorized users can access resources.
It includes identification, authentication, authorization, and accountability.
Models like DAC, MAC, RBAC, and ABAC define access rules.
MFA and strong policies improve security.
Principles like least privilege reduce risks.

👉 In short: Access control is a key mechanism to protect systems by managing user permissions effectively.

Previous topic 4

Network Security Planning and Policy

Next topic 6

Defense against Network Attacks

Past Papers

Open this section to load past papers

Click on Show Past Papers to see past papers.

ITEC4147›Access Control

Network SecurityTopic 5 of 24

Access Control

3 minread

535words

Beginnerlevel

📘 Access Control — Exam Notes (Network Security)

🔐 1. Definition

Access Control is the process of restricting and managing who can access resources (data, systems, networks) and what actions they can perform.

👉 Simple idea: It ensures that only authorized users get the right level of access.

🎯 2. Objectives of Access Control

Protect confidential data
Prevent unauthorized access
Ensure proper use of resources
Maintain accountability (track user actions)

🔑 3. Basic Concepts

🔹 Identification

User claims identity (e.g., username).

🔹 Authentication

Verifying identity.
Example: Password, fingerprint.

🔹 Authorization

Determines what access is allowed.

🔹 Accountability

Tracks user activities (logs, audits).

👉 These steps are often part of AAA (Authentication, Authorization, Accounting).

🧱 4. Types of Access Control Models

🔸 1. Discretionary Access Control (DAC)

Owner controls access to resources.
Example: File permissions in operating systems.

✔ Flexible ❌ Less secure

🔸 2. Mandatory Access Control (MAC)

Access controlled by system policies.
Based on security levels.

✔ Highly secure ❌ Less flexible

🔸 3. Role-Based Access Control (RBAC)

Access based on user roles.

Example:

Admin → full access
Employee → limited access

✔ Easy to manage

🔸 4. Attribute-Based Access Control (ABAC)

Access based on attributes:
- User
- Resource
- Environment

✔ Very flexible and dynamic

🔐 5. Authentication Methods

🔹 1. Something You Know

Password, PIN

🔹 2. Something You Have

Smart card, OTP

🔹 3. Something You Are

Biometrics (fingerprint, face)

👉 Multi-Factor Authentication (MFA) uses two or more methods.

🔑 6. Authorization Techniques

🔸 Access Control Lists (ACL)

List of permissions for users.

🔸 Capability Lists

Defines what a user can access.

⚠️ 7. Common Access Control Attacks

🔹 Password Attacks

Brute force
Dictionary attack

🔹 Privilege Escalation

Gaining higher access rights.

🔹 Session Hijacking

Stealing active session.

🛡️ 8. Access Control Principles

🔸 Least Privilege

Minimum access required.

🔸 Separation of Duties

Tasks divided among users.

🔸 Need to Know

Access only when necessary.

📊 9. Important Rules / Concepts

🔸 Strong Authentication Rule

Use MFA for better security.

🔸 Password Policy

Minimum 8–12 characters
Mix of letters, numbers, symbols

🖼️ 10. Diagram Descriptions

📌 Access Control Process

User → Authentication → Authorization → Resource

📌 RBAC Diagram

Users → Roles → Permissions

📌 MFA Diagram

Show:
- Password + OTP + Biometrics

🧾 11. Real-Life Examples

🔐 Logging into email using password + OTP (MFA)
🏢 Employees accessing files based on roles
🏦 Banking apps using biometric authentication
💻 Admin having more privileges than normal users

📝 Likely Exam Questions

Define access control and its importance.
Explain AAA concept.
Differentiate between authentication and authorization.
Describe DAC, MAC, and RBAC models.
What is multi-factor authentication (MFA)?
Explain access control principles.
What are ACLs?
Describe common access control attacks.
What is least privilege principle?
Write short notes on:

Biometrics
RBAC
MFA

📌 Quick Summary / Conclusion

Access control ensures only authorized users can access resources.
It includes identification, authentication, authorization, and accountability.
Models like DAC, MAC, RBAC, and ABAC define access rules.
MFA and strong policies improve security.
Principles like least privilege reduce risks.

👉 In short: Access control is a key mechanism to protect systems by managing user permissions effectively.

Previous topic 4

Network Security Planning and Policy

Next topic 6

Defense against Network Attacks

Past Papers

Open this section to load past papers

Click on Show Past Papers to see past papers.