Authentication
The process of verifying a user's identity, typically through credentials like a username and password, but extending to various methodologies. It confirms that a user is who they claim to be.
Access Control
This determines the level of access a user has within a system after their identity has been authenticated. It acts as a digital gatekeeper, regulating information flow between user requests and network resources.
RADIUS (Remote Authentication Dial-In User Service)
An indispensable service for remote workers, enabling secure access to corporate networks from various geographical locations. It enhances security for both wired and wireless connections.
TACACS+ (Terminal Access Controller Access-Control System Plus)
An advanced protocol that separates authentication, authorization, and accounting processes. It uses TCP for secure and encrypted communication, often deployed in financial sectors.
Kerberos
A standardized ticket-based authentication protocol that issues time-stamped tickets to enable devices to communicate securely over otherwise insecure networks. Major banks rely on it to safeguard online banking operations.
Identification
The initial step in access control where a user declares who they are, often through a unique ID, email address, or biometric data.
Authorization
The final step in the access control process, where authenticated users are granted a specific level of access appropriate to their role or clearance.
Mandatory Access Control (MAC)
An access control model where the network administrator has ultimate control, assigning labels to users and resources to ensure only those with requisite security clearance gain access.
Discretionary Access Control (DAC)
A flexible access control model that allows resource owners to dictate access permissions, effective in settings where team leads manage data access for their reports.
Role-Based Access Control (RBAC)
An access control model often favored in larger organizations where users are assigned roles, and access rights are granted based on these roles.
Rule-Based Access Control
An access control model that operates through defined rules, enforcing or restricting access based on criteria like time of day.
Multi-Factor Authentication (MFA)
A security strategy that employs two or more distinct authentication factors to verify a user's identity, significantly enhancing security compared to single-factor methods.
Single Factor Authentication (SFA)
An authentication method that relies on only one factor (e.g., a password) to verify identity, making it more vulnerable to compromise.
Strong Authentication
Authentication that encompasses three or more distinct factors to create a highly secure digital fortress with multiple layers of protection.
Access Control Lists (ACL)
Mechanisms used in authorization to ensure users only access resources needed for their roles, adhering to the principle of least privilege.
Principle of Least Privilege
A security principle that dictates users should be granted only the minimum necessary access rights to perform their job functions, thereby minimizing risks.
Separation of Duties
A security control that divides responsibilities among multiple individuals to prevent single-point failures, fraud, or unauthorized access by requiring collaborative actions for task completion.