Access Control in Computer Network - GeeksforGeeks 15/02/25, 9:47 PM

Access Control in Computer Network

Last Updated : 19 Jul, 2024

Access control is a security strategy that controls who or what

can view or utilize resources in a computer system. It is a
fundamental security concept that reduces risk to the company or
organization. In this article, we are going to discuss every point
about access control. In this article, we will learn about Access
control and its authentication factors, components of access
control, types of access control, and the Difference between
Authentication and Authorization.

What is Access Control?

Access Control is a method of limiting access to a system or
resources. Access control refers to the process of determining
who has access to what resources within a network and under
what conditions. It is a fundamental concept in security that
reduces risk to the business or organization. Access control
systems perform identification, authentication, and authorization
of users and entities by evaluating required login credentials that
may include passwords, pins, bio-metric scans, or other
authentication factors. Multi-factor authentication requires two or
more authentication factors, which is often an important part of
the layered defense to protect access control systems.

https://www.geeksforgeeks.org/access-control-in-computer-network/ Page 1 of 14
Access Control in Computer Network - GeeksforGeeks 15/02/25, 9:47 PM

Authentication Factors
Password or PIN
Bio-metric measurement (fingerprint & retina scan)
Card or Key

For computer security, access control includes the authorization,

authentication, and audit of the entity trying to gain access.
Access control models have a subject and an object.

Components of Access Control

Authentication: Authentication is the process of verifying the
identity of a user. User authentication is the process of
verifying the identity of a user when that user logs in to a
computer system.
Authorization: Authorization determines the extent of access
to the network and what type of services and resources are
accessible by the authenticated user. Authorization is the
method of enforcing policies.
Access: After the successful authentication and authorization,
their identity becomes verified, This allows them to access the
resource to which they are attempting to log in.
Manage: Organizations can manage their access control
system by adding and removing authentication and
authorization for users and systems. Managing these systems
can be difficult in modern IT setups that combine cloud
services and physical systems.
Audit: The access control audit method enables organizations
to follow the principle. This allows them to collect data about
user activities and analyze it to identify possible access
violations.

How Access Control Works?

https://www.geeksforgeeks.org/access-control-in-computer-network/ Page 2 of 14
Access Control in Computer Network - GeeksforGeeks 15/02/25, 9:47 PM

Access control involves determining a user based on their

credentials and then providing the appropriate level of access
once confirmed. Credentials are used to identify and authenticate
a user include passwords, pins, security tokens, and even
biometric scans. Multifactor authentication (MFA) increases
security by requiring users to be validated using more than one
method. Once a user’s identity has been verified, access control
policies grant specified permissions, allowing the user to proceed
further. Organizations utilize several access control methods
depending on their needs.

Types of Access Control

Aptitude Engineering Mathematics Discrete Mathematics Operating System DBMS Computer Netwo

https://www.geeksforgeeks.org/access-control-in-computer-network/ Page 3 of 14
Access Control in Computer Network - GeeksforGeeks 15/02/25, 9:47 PM

Attribute-based Access Control (ABAC): In this model,

access is granted or declined by evaluating a set of rules,
policies, and relationships using the attributes of users,
systems and environmental conditions.
Discretionary Access Control (DAC): In DAC, the owner of
data determines who can access specific resources.
History-Based Access Control (HBAC): Access is granted or
declined by evaluating the history of activities of the inquiring
party that includes behavior, the time between requests and
content of requests.
Identity-Based Access Control (IBAC): By using this model
network administrators can more effectively manage activity
and access based on individual requirements.
Mandatory Access Control (MAC): A control model in which
access rights are regulated by a central authority based on
multiple levels of security. Security Enhanced Linux is
implemented using MAC on the Linux operating system.
Organization-Based Access control (OrBAC): This model
allows the policy designer to define a security policy
independently of the implementation.
Role-Based Access Control (RBAC): RBAC allows access
based on the job title. RBAC eliminates discretion on a large
scale when providing access to objects. For example, there
should not be permissions for human resources specialist to
create network accounts.
Rule-Based Access Control (RAC): RAC method is largely
context based. Example of this would be only allowing
students to use the labs during a certain time of day.

Different access control models are used depending on the

compliance requirements and the security levels of information
technology that is to be protected. Basically access control is of

https://www.geeksforgeeks.org/access-control-in-computer-network/ Page 4 of 14
Access Control in Computer Network - GeeksforGeeks 15/02/25, 9:47 PM

2 types:

Physical Access Control: Physical access control restricts

entry to campuses, buildings, rooms and physical IT assets.
Logical Access Control: Logical access control limits
connections to computer networks, system files and data.

Challenges of Access Control

Distributed IT Systems: Current IT systems frequently
combine internet and on-premise networks. These systems
may be distributed geographically and comprise various
devices, assets, and virtual machines. Access is allowed to all
of these devices, and keeping track of them can be
challenging.

Policy Management: Policy makers within the organization

create policies, and the IT department converts the planned
policies into code for implementation. Coordination between
these two groups is essential for keeping the access control
system up to date and functioning properly.

Monitoring and Reporting: Organizations must constantly

check access control systems to guarantee compliance with
corporate policies and regulatory laws. Any violations or
changes must be recognized and reported immediately.

Access Control Models: Access control mechanisms provide

varying levels of precision. Choosing the right access control
strategy for your organization allows you to balance
acceptable security with employee efficiency.

https://www.geeksforgeeks.org/access-control-in-computer-network/ Page 5 of 14
Access Control in Computer Network - GeeksforGeeks 15/02/25, 9:47 PM

Types of Authentication Mechanism

Two-factor authentication
Multi-factor authentication
one-time password
Three-factor authentication
Biometrics
Hard Tokens
Soft Tokens
Contextual Authentication
Device identification

What Are Some Methods for Implementing

Access Control?
Virtual Private Networks are one of the most commonly used
techniques to implement access controls. This allows users to
safely access resources remotely, which is critical when working
away from the actual workplace. VPNs can be used by
businesses to offer safe access to their networks when workers
are spread out across the globe. While this is great for security
reasons, it may cause performance concerns, such as latency.
Other techniques of access control include identity repositories,
monitoring and reporting apps, password management tools,
provisioning tools, and security policy enforcement services.

Difference between Authentication and

Authorization

Authentication Authorization

Authorization determines the extent

Authentication is the of access to the network and what

https://www.geeksforgeeks.org/access-control-in-computer-network/ Page 6 of 14
Access Control in Computer Network - GeeksforGeeks 15/02/25, 9:47 PM

process of verifying the type of services and resources are

identity of a user. accessible by the authenticated
user.

It is done before the While this process is done after the

authorization process. authentication process.

It needs usually the While it needs the user’s privilege

user’s login details. or security levels.

The authentication The authorization permissions

credentials can be cannot be changed by user as these
changed in part as and are granted by the owner of the
when required by the system and only he/she has the
user. access to change it.

Authentication
While it determines What
determines whether the
permission does the user have?
person is user or not.

The user authentication The user authorization is not visible

is visible at user end. at the user end.

The user authentication

The user authorization is carried out
is identified with
through the access rights to
username, password,
resources by using roles that have
face recognition, retina
been pre-defined.
scan, fingerprints, etc.

Conclusion

https://www.geeksforgeeks.org/access-control-in-computer-network/ Page 7 of 14