Network Security Controls

Network security controls are the technical and administrative safeguards implemented to ensure the confidentiality, integrity, and availability of network services and to minimize security risk. Reducing the risk of a network being compromised requires implementing a proper combination of these controls.

These network security controls include:

Access Control
Identification
Authentication
Authorization
Accounting
Cryptography
Security Policy

These controls help organizations implement strategies for addressing network security concerns. Multiple layers of network security controls should be deployed across the network to minimize the risk of attack or compromise; the overlapping use of these controls provides defense in depth.

Access Control

Access control reduces the risk of data being compromised and protects the organization’s crucial data by limiting users’ access to computer resources. The mechanism grants a user access to read, write, or execute system resources based on the user’s access permissions and associated roles. The crucial aspect of implementing access control is maintaining the integrity, confidentiality, and availability of the information.

An access control system includes:

– File permissions such as create, read, edit or delete
– Program permissions such as the right to execute a program
– Data rights such as the right to retrieve or update information in a database

There are two types of access control: physical and logical. Physical access control restricts access to buildings, physical IT assets, etc. Logical access control restricts access to networks and data.

In general, access control provides essential services such as authorization, identification, authentication, access permissions, and accountability.

1)  Authorization determines the actions a user can perform
2)  Identification and authentication identify users and permit only authorized users to access the systems
3)  Access permissions determine the approvals granted to a user to access a system and other resources
4)  Accountability tracks and attributes the actions performed by a user

Access Control Terminology

The following terminologies are used to define access control on specific resources:

1) Subject: A subject is a user or a process that attempts to access objects. Subjects are the entities that perform actions on the system.
2) Object: An object is an explicit resource on which access restrictions are imposed. The access controls implemented on objects govern the actions a user may perform on them. Files and hardware devices are examples of objects.
3) Reference Monitor: The reference monitor enforces the restrictions defined by the access control rules. It applies a set of rules to decide whether a subject may perform a given action on an object.
4) Operation: An operation is an action performed by the subject on the object. A user trying to delete a file is an example of an operation: the user is the subject, delete is the operation, and the file is the object.

Access Control Principles

Access control principles deal with restricting or allowing access for users or processes. In outline, the server receives a request from the user and authenticates the user with the help of an Access Control Instruction (ACI). The server then either allows or denies the user’s requested action, such as reading, writing, or accessing files.

Access controls can grant users access to the entire directory, to a subtree of the directory, or to a specific set of entries and attribute values in the directory. Permissions can be set for a single user or for a group of users. The directory entries and attribute values carry the access control instructions. The access control function uses an authorization database, maintained by the security administrator, to check the authorization details of the requesting user.

Types of Access Control

The type of access control defines how a subject is permitted to access an object. The mechanism chosen depends on the organization’s security policy and is implemented with access control technologies.

The types of access control include:

Discretionary Access Control (DAC)

Discretionary access control lets the owner (possessor) of an object decide which subjects may access that object and how. DAC is also known as the need-to-know access model. It permits the user who is granted access to information to decide how to protect that information and how widely to share it. Access to files is restricted to users and groups based on their identity and the groups to which the users belong.

Mandatory Access Control (MAC)

Mandatory access control determines the usage and access policies for users centrally. A user can access a resource only if that particular user has been granted the access rights to that resource. MAC is applied to data marked as highly confidential. Network administrators impose MAC through the operating system and its security kernel. It does not permit the end user to decide who can access the information, and it does not permit the user to pass privileges to other users, as the access control could then be circumvented.

Role Based Access Control (RBAC)

In role-based access control, access permissions are granted according to access policies determined by the system. These permissions are outside user control, which means users cannot amend the access policies created by the system.
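The following is an added example, not code from the original article, that ties the terminology section above (subject, object, operation, reference monitor) to the three models just described. A single reference monitor mediates every request and is run with three interchangeable policies: DAC with owner-managed ACLs keyed by identity and group, MAC with administrator-fixed labels, and RBAC with permissions attached to roles. The users, groups, roles, labels and file names are constructed for illustration, and the specific no-read-up/no-write-down rule used for MAC is an assumed multilevel rule (Bell-LaPadula style) that the article itself does not spell out.

```python
"""Added example (not part of the original article): a minimal reference
monitor run with three interchangeable policies: DAC, MAC and RBAC.
Every user, group, role, label and file below is constructed."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Subject:
    """A user or process that requests an operation on an object."""
    name: str
    groups: frozenset = frozenset()   # DAC: group membership
    roles: frozenset = frozenset()    # RBAC: assigned roles
    clearance: int = 0                # MAC: highest level the subject may read


@dataclass
class Obj:
    """A resource on which access restrictions are imposed (here, a file)."""
    name: str
    owner: str
    label: int = 0                            # MAC: level set by the administrator
    acl: dict = field(default_factory=dict)   # DAC: principal -> set of operations


AUDIT = []  # every mediated decision: (policy, subject, operation, object, allowed)


def reference_monitor(policy, subj: Subject, obj: Obj, op: str) -> bool:
    """Mediates a (subject, operation, object) request through one policy
    and records the decision, so no access bypasses the check."""
    allowed = policy(subj, obj, op)
    AUDIT.append((policy.__name__, subj.name, op, obj.name, allowed))
    return allowed


# ---- DAC: the object's owner decides who may do what ------------------------
def dac_grant(obj: Obj, granter: Subject, principal: str, ops) -> bool:
    """Only the owner may edit the ACL.  Principals are user names or
    'group:<name>' entries, matching DAC's identity-and-group basis."""
    if granter.name != obj.owner:
        return False
    obj.acl.setdefault(principal, set()).update(ops)
    return True


def dac_check(subj: Subject, obj: Obj, op: str) -> bool:
    if subj.name == obj.owner:
        return True
    principals = {subj.name} | {f"group:{g}" for g in subj.groups}
    return any(op in obj.acl.get(p, set()) for p in principals)


# ---- MAC: labels are fixed by the administrator; users cannot relabel or delegate
LEVELS = {"public": 0, "internal": 1, "confidential": 2}


def mac_check(subj: Subject, obj: Obj, op: str) -> bool:
    """Assumed multilevel rule (Bell-LaPadula style): read only at or below
    your clearance, write only at or above it, so confidential data cannot
    be copied down into a less sensitive object."""
    if op == "read":
        return subj.clearance >= obj.label
    if op in ("write", "delete"):
        return subj.clearance <= obj.label
    return False


# ---- RBAC: permissions attach to roles, and users cannot change the policy --
ROLE_PERMS = {"viewer": {"read"}, "editor": {"read", "write"},
              "admin": {"read", "write", "delete"}}


def rbac_check(subj: Subject, obj: Obj, op: str) -> bool:
    return any(op in ROLE_PERMS.get(r, set()) for r in subj.roles)


def demo() -> dict:
    """Runs the same kinds of request under each policy; returns the decisions."""
    AUDIT.clear()
    alice = Subject("alice", groups=frozenset({"staff"}), roles=frozenset({"editor"}),
                    clearance=LEVELS["internal"])
    bob = Subject("bob", groups=frozenset({"staff"}), roles=frozenset({"viewer"}),
                  clearance=LEVELS["confidential"])
    report = Obj("report.txt", owner="alice", label=LEVELS["confidential"])
    memo = Obj("memo.txt", owner="bob", label=LEVELS["internal"])

    r = {}
    # DAC: alice owns report.txt and grants her group read; bob cannot grant himself more
    r["dac_grant_by_owner"] = dac_grant(report, alice, "group:staff", {"read"})
    r["dac_grant_by_bob"] = dac_grant(report, bob, "bob", {"delete"})
    r["dac_bob_read"] = reference_monitor(dac_check, bob, report, "read")
    r["dac_bob_delete"] = reference_monitor(dac_check, bob, report, "delete")
    # MAC: bob is cleared for confidential, alice only for internal; ownership is irrelevant
    r["mac_bob_read_report"] = reference_monitor(mac_check, bob, report, "read")
    r["mac_alice_read_report"] = reference_monitor(mac_check, alice, report, "read")
    r["mac_bob_write_memo"] = reference_monitor(mac_check, bob, memo, "write")  # write-down
    # RBAC: alice's editor role may write but not delete
    r["rbac_alice_write"] = reference_monitor(rbac_check, alice, report, "write")
    r["rbac_alice_delete"] = reference_monitor(rbac_check, alice, report, "delete")
    r["audit_entries"] = len(AUDIT)
    return r
```

The point to notice is where the decision authority sits: under DAC only the owner can change the ACL, under MAC even the owner of memo.txt is refused a write that would move data downward, and under RBAC the user's roles alone decide. Routing every request through `reference_monitor` also gives the accounting trail that the later sections of the page describe.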

User Identification, Authentication, Authorization and Accounting

Identification: Identification deals with confirming the identity of a user, process, or device accessing the network. User identification is the most common technique used to authenticate users on the network and in applications. Each user has a unique user ID, which identifies them.

The authentication process includes verifying a user ID and a password; users must provide both credentials to gain access to the network. Network administrators assign access controls and permissions for various other services depending on the user ID.
Example: Username, Account Number, etc.

Authentication: Authentication refers to verifying the credentials provided by the user while attempting to connect to a network. Both wired and wireless networks authenticate users before allowing them to access resources on the network. A typical user authentication consists of a user ID and a password. Other forms of authentication include authenticating a website using a digital certificate, or comparing a product against the label associated with it.
Example: Password, PIN, etc.

Authorization: Authorization refers to the process of providing permission to access the resources or perform an action on the network. Network administrators can decide the access permissions of users on a multi-user system. They even decide the user privileges. The mechanism of authorization can allow the network administrator to create access permissions for users as well as verify the access permissions created for each user.

In logical terms, authorization follows authentication, but the type of authentication required before authorization varies. There are also cases that do not require any authorization of the users requesting a service.
Example: A user can only read the file but not write to or delete it.

Accounting: User accounting refers to tracking the actions performed by a user on the network. This includes verifying which files the user accessed and which functions, such as alteration or modification of files or data, were performed. It keeps track of who accessed the network, when, and how, and helps in identifying authorized and unauthorized actions.
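As an added example that is not part of the original article, the following code passes requests through the four stages described in this section: identification by a unique user ID, authentication of a password against a salted hash, authorization from a per-user permission table (including the "can read but not write or delete" case from the text), and accounting of every outcome in an audit trail. The user IDs, passwords, permissions and file name are constructed for illustration; the use of PBKDF2 and a constant-time comparison is this example's choice, not something the article prescribes.

```python
"""Added example (not part of the original article): one request passing
through identification, authentication, authorization and accounting.
The user IDs, passwords, permissions and file names are constructed."""
import hashlib
import hmac
import os
from datetime import datetime, timezone

ROUNDS = 100_000  # PBKDF2 iterations; a deliberately slow password hash


def hash_password(password: str, salt=None):
    """Stores a salted PBKDF2-SHA256 digest rather than the password itself."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)


# Identification: every account has a unique user ID that the user claims.
# Authorization data: per-user permissions on named resources (read-only vs full).
USERS = {
    "u1001": {"password": hash_password("correct-horse-battery"),
              "perms": {"report.txt": {"read"}}},
    "u1002": {"password": hash_password("demo-admin-pass"),
              "perms": {"report.txt": {"read", "write", "delete"}}},
}

AUDIT = []  # Accounting: who did what, to which resource, when, and the outcome


def record(user_id: str, action: str, target: str, outcome: str) -> None:
    AUDIT.append({"when": datetime.now(timezone.utc).isoformat(), "who": user_id,
                  "what": action, "target": target, "outcome": outcome})


def authenticate(user_id: str, password: str) -> bool:
    """Verifies the claimed ID with the supplied credential.  An unknown ID
    still goes through a full hash and compare, so response time does not
    reveal which IDs exist; both successes and failures are recorded."""
    entry = USERS.get(user_id)
    salt, stored = entry["password"] if entry else (b"\x00" * 16, b"\x00" * 32)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    ok = entry is not None and hmac.compare_digest(candidate, stored)
    record(user_id, "login", "-", "success" if ok else "failure")
    return ok


def authorize(user_id: str, op: str, target: str) -> bool:
    """Authorization comes after authentication: it only consults the
    permission table for an already-verified user ID."""
    allowed = op in USERS.get(user_id, {}).get("perms", {}).get(target, set())
    record(user_id, op, target, "allowed" if allowed else "denied")
    return allowed


def handle_request(user_id: str, password: str, op: str, target: str) -> str:
    if not authenticate(user_id, password):
        return "denied: authentication failed"
    if not authorize(user_id, op, target):
        return f"denied: {user_id} may not {op} {target}"
    return f"ok: {op} {target}"


def demo() -> dict:
    """Exercises the flow, including the read-but-not-write case from the
    text, and summarises the audit trail."""
    AUDIT.clear()
    return {
        "read_ok": handle_request("u1001", "correct-horse-battery", "read", "report.txt"),
        "write_denied": handle_request("u1001", "correct-horse-battery", "write", "report.txt"),
        "bad_password": handle_request("u1002", "wrong-password", "delete", "report.txt"),
        "unknown_user": handle_request("u9999", "anything", "read", "report.txt"),
        "audit_entries": len(AUDIT),
        "audit_failures": sum(1 for e in AUDIT if e["outcome"] in ("failure", "denied")),
    }
```

Two design choices matter for the accounting stage: failed logins and denied operations are recorded just like successes, because those are the entries that reveal unauthorized attempts, and the response to a wrong password and to an unknown user ID is identical, so the audit trail (not the error message) is where the distinction is kept.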