Access control types include preventive, detective, corrective, deterrent, recovery, directive, and compensating access controls. They are implemented as administrative controls, logical/technical controls, and/or physical controls.
Access controls are features that govern how users interact and communicate with computers, networks and data. Access control and its component controls determine what type of access a user has based on their authorization level. There are three main types of access control systems:
Discretionary Access Control: DAC enables the owner of a resource to specify which users can access specific resources. It is based on the discretion of the owner. The DAC structure is used by many systems, from Windows and Linux to OS X. The most common implementation of DAC is through access control lists (ACLs).
In SQL databases there are additional methods one can use to authenticate users, from login permissions and security roles to Windows authentication. You can even create views to restrict what users can see; with triggers you can get even more creative.
Triggers let you control input down to the column/row level, and even down to a single cell within a database table. They can be coded to roll back changes that do not match your database schema, or to give feedback to a user who is entering the wrong data type.
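The view-plus-trigger idea above, worked through on SQLite from Python as an added example (not code from the original page). The `employees` table, the `employee_directory` view and the `employees_validate` trigger are constructed for this illustration; the trigger rejects a wrong data type or a negative value with a readable message and the statement is rolled back.

```python
import sqlite3

# Constructed schema for the example (not from the original page): a payroll
# table, a view that hides the salary column, and a BEFORE INSERT trigger that
# rejects bad rows with a readable message instead of storing them.
SCHEMA = """
CREATE TABLE employees (
    id INTEGER PRIMARY KEY, name TEXT NOT NULL, salary INTEGER NOT NULL);
-- View: what a directory user is allowed to see (no salary).
CREATE VIEW employee_directory AS SELECT id, name FROM employees;
-- Trigger: enforce the schema's intent cell by cell and give feedback.
CREATE TRIGGER employees_validate BEFORE INSERT ON employees
BEGIN
    SELECT CASE
        WHEN typeof(NEW.salary) <> 'integer'
            THEN RAISE(ABORT, 'salary must be an integer')
        WHEN NEW.salary < 0
            THEN RAISE(ABORT, 'salary must not be negative')
    END;
END;
"""

def open_db():
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    return con

def insert_employee(con, name, salary):
    """Insert one row; returns (ok, message). When the trigger fires, the
    statement is rolled back and the RAISE() text becomes the message."""
    try:
        with con:
            con.execute("INSERT INTO employees(name, salary) VALUES (?, ?)",
                        (name, salary))
        return True, "inserted"
    except sqlite3.IntegrityError as e:
        return False, str(e)

def directory_columns(con):
    """Column names a view user sees; salary is not among them."""
    cur = con.execute("SELECT * FROM employee_directory")
    return [d[0] for d in cur.description]

def employee_count(con):
    """Rows actually stored; rejected inserts never land here."""
    return con.execute("SELECT count(*) FROM employees").fetchone()[0]
```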
Mandatory Access Control: Under MAC, users cannot install software, change file permissions, add new users or change their security level. Users are limited to a specific purpose or given what is known as least privilege: just enough access to do their jobs. This type of system is used mostly by governments for top-secret information.
The MAC system is based on a security label system, and users are given only a single clearance (top secret, secret, or confidential). MAC stores data with security labels that are bound to specific subjects and objects. When a user reads or inputs data to the requested object, the decision is based on the user's clearance level, the classification of the object and the security policy on the system. The standard setup of a MAC system uses a multilevel security policy where data is classified and labeled according to clearance level, meaning every file, directory, and device has a security label.
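A reference-monitor check for the labels described above, written as an added example (not code from the original page). It uses the three levels the page names and goes one step further by adding need-to-know compartments to each label; the read/write rules are an assumed Bell-LaPadula-style policy (no read up, no write down), and the users and paths are constructed for the illustration.

```python
from dataclasses import dataclass

# Ordered levels named on the page; a higher index dominates a lower one.
LEVELS = ("confidential", "secret", "top secret")

@dataclass(frozen=True)
class Label:
    """Security label: a sensitivity level plus need-to-know compartments.
    Compartments are an assumed extension of the page's level-only labels."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        return (LEVELS.index(self.level) >= LEVELS.index(other.level)
                and self.compartments >= other.compartments)

def mac_decision(clearance, classification, access):
    """Decision for a subject with `clearance` acting on an object with
    `classification`. Assumed policy (Bell-LaPadula style):
    read requires the clearance to dominate the object (no read up);
    write requires the object to dominate the clearance (no write down)."""
    if access == "read":
        return clearance.dominates(classification)
    if access == "write":
        return classification.dominates(clearance)
    raise ValueError(f"unknown access type: {access}")

# Constructed sample subjects and objects. Users cannot edit these labels;
# only the centrally administered security policy assigns them.
SUBJECTS = {
    "analyst": Label("secret", frozenset({"crypto"})),
    "clerk": Label("confidential"),
}
OBJECTS = {
    "/ops/plan.txt": Label("top secret", frozenset({"crypto"})),
    "/ops/memo.txt": Label("secret", frozenset({"crypto"})),
    "/ops/notice.txt": Label("confidential"),
    "/hr/staff.txt": Label("secret", frozenset({"hr"})),
}

def check(user, path, access):
    """Look up both labels and apply the policy."""
    return mac_decision(SUBJECTS[user], OBJECTS[path], access)
```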
Role Based Access Control: RBAC is a centrally administered control methodology in which the rights of subjects over objects are determined by an administrator. The access levels are based on the role the user holds within the organization, and the user is given the least amount of privilege needed to fulfil their responsibilities.
A role can be assigned explicitly or implicitly. If assigned explicitly, access is granted directly to a specific individual. If assigned implicitly, the role is assigned based on group membership and the user inherits those attributes. RBAC is used by organizations with high turnover because assigning permissions to a role is easier to manage: you just remove the user from the group they had been assigned to, and you do not have to change the ACLs or objects. Many users can belong to many groups with various privileges based on roles, permissions, operations, and sessions defined by the security policy.
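The DAC and RBAC models from the two passages above, side by side as an added example (not code from the original page). `DacStore` keeps a per-object ACL that only the owner may edit, so offboarding a user means touching every ACL; `RbacStore` attaches permissions to roles held explicitly or implicitly through groups, so offboarding is one membership change and no ACL moves. All names are constructed.

```python
class DacStore:
    """DAC: each object carries an ACL (user -> permissions) that its owner edits."""
    def __init__(self):
        self.objects = {}   # path -> {"owner": user, "acl": {user: set(perms)}}

    def create(self, owner, path):
        self.objects[path] = {"owner": owner, "acl": {owner: {"read", "write"}}}

    def grant(self, actor, path, user, perm):
        obj = self.objects[path]
        if actor != obj["owner"]:          # only the owner may change the ACL
            raise PermissionError(f"{actor} does not own {path}")
        obj["acl"].setdefault(user, set()).add(perm)

    def allowed(self, user, path, perm):
        return perm in self.objects[path]["acl"].get(user, set())

    def offboard(self, user):
        """Revocation touches every ACL the user appears in; returns how many."""
        touched = 0
        for obj in self.objects.values():
            if obj["acl"].pop(user, None) is not None:
                touched += 1
        return touched

class RbacStore:
    """RBAC: permissions attach to roles; users hold roles explicitly or
    implicitly through group membership."""
    def __init__(self):
        self.role_perms = {}     # role -> {(path, perm)}
        self.user_roles = {}     # explicit: user -> {role}
        self.group_roles = {}    # group -> {role}
        self.user_groups = {}    # user -> {group}

    def roles_of(self, user):
        implicit = set().union(*(self.group_roles.get(g, set())
                                 for g in self.user_groups.get(user, set())))
        return self.user_roles.get(user, set()) | implicit

    def allowed(self, user, path, perm):
        return any((path, perm) in self.role_perms.get(r, set())
                   for r in self.roles_of(user))

    def offboard(self, user):
        """Revocation: drop the user's memberships; roles and objects unchanged."""
        self.user_roles.pop(user, None)
        self.user_groups.pop(user, None)
```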
Role-based access control can be managed in a number of ways.
The physical world and access controls:
Cameras, guards, smartcards, location, doors, biometrics, scanners, etc. But training your staff on cyber security should be the number one thing you do.
Cameras can see who is coming and going, but they can also have blind spots or be placed in the wrong locations. The optimal places to install security cameras are the front door, back door and first-floor windows, which are the most common entryways. Do not forget the computer room itself and the area around your building, such as the alley. One should also think about the type of lens the camera uses, its focal length and its field of view. Cameras are a great asset if correctly placed and monitored by trained staff.
Security guards are a good option for a big operation, but special training may need to be given when it comes to data center operations.
Smartcards can add an extra layer of authentication – the three Ss (something you know, something you have, something you are):
Type 1: A Type 1 authentication factor is something you know. Examples include a password, personal identification number (PIN), or passphrase.
Type 2: A Type 2 authentication factor is something you have. Physical devices that a user possesses can help them provide authentication. Examples include a smartcard, hardware token, memory card, or USB drive.
Type 3: A Type 3 authentication factor is something you are or something you do. It is a physical characteristic of a person identified with different types of biometrics. Examples in the something-you-are category include fingerprints, voice prints, retina patterns, iris patterns, face shapes, palm topology, and hand geometry. Examples in the something-you-do category include signature and keystroke dynamics, also known as behavioral biometrics.
Smartcards are not easy to hack, but it can be done if the prize is big enough and the thief is skilled enough with the right equipment. Any number of techniques can be employed if the attacker is determined to get in.
Password management is one of the most used methods for access control. Using password synchronization systems can reduce the number of different passwords a user has to remember. Self-service password reset systems can also help reduce IT support calls.
Furthermore, moving to biometrics or a token system can also help improve authentication security, but biometrics, like any system, can be hacked. Example: fingerprints can be lifted from a glass, and a mold can be made of a face to fool face recognition systems.
Retina Scans: Retina scans focus on the pattern of blood vessels at the back of the eye. They are the most accurate form of biometric authentication and are able to differentiate between identical twins. However, they are the least accepted biometric scanning method because retina scans can reveal medical conditions, such as high blood pressure and pregnancy. Older retinal scanners blew a puff of air into the user's eye, but newer ones typically use an infrared light instead.
The first thing is to analyze your needs and a cost matrix for Access Controls.
Confidentiality is one of the cornerstones of information security. It gives one the assurance that information is not disclosed to unauthorized people. Control mechanisms should be in place to monitor, report and analyze what has been accessed and by whom.
In IT there are many different types of technologies one can use to authenticate users and help manage access controls, and each has its strengths and weaknesses.
Overall, following a standard, whether created internally or adopted from an international standard, will give you a base to build on. The goal is a standard that can be measured and tracked in some way, meaning reporting tools and protocols that are outlined and easy to follow.
Threats to access controls can come in many forms:
----------------------------------------------------------
There are five basic things one can do to protect your privacy and security.
I could go on and list all the different tools to track, protect and log your system, but things are changing fast with some of the newer behavioral-based or heuristic-based methods, along with the great advances in AI systems, not to forget quantum computers. As I like to say, the future is qubits, and it will hurt if you're not prepared!