In the world of computing technology, currently experiencing a fairly rapid development where users can control all systems and computing resources using only one platform, namely access control.
What is the importance of access control with computer security, especially for companies? Well, we will discuss it more deeply by listening to the following article.
Table of Contents
Computer Security Concept
Before discussing access control, it is better to first discuss the concept of computer security.
In the world of network computer security is an important component that should not be omitted. This will be associated with the user’s credentials before it can be granted access. In physical systems these credentials can come in many forms, but they cannot be used in larger computer security applications.
Definition of Computer Security
Understanding computer security in English is computer security or known as IT security, which means the security of information used in computers and their networks.
Computer security is a branch of technology also known as information security that is applied to computers. Understanding of computer security can vary according to experts, namely:
John D. Howard in his book “An Analysis of security incidents on the internet” which states that: “Computer security is a preventive measure from attacks by computer users or irresponsible network accessors”.
Meanwhile, according to Gollman computer security system according to his book “Computer Security” states that: “Computer security is related to self-prevention and detection of intruders that are not recognized in the computer system”.
Network Security Concept
Network security uses this concept as a result of several factors.
Network Security Factor
This factor can depend on the base material, but normally at least a few things are:
Confidentiality
Confidentiality is one of the most vital components of computer security. Every data that contains certain information has a different user group and the data can be grouped as needed. So some restrictions to data users have to be defined.
So that the data in the company is usually confidential and should not be known by third parties which aims to maintain company secrets and company strategy.
Integrity
Integrity is a reliable factor of computer security so any available data must be there forever. This computer network must be able to protect against various cyber attacks that change data during the transmission process.
Man-in-the-middle which is a type of attack that can change the integrity of data that is hijacked by hackers or manipulate data sent.
In addition to a secure computer network, you should ensure that the participants of the data transaction to the person communicating the data is reliable and trustworthy.
The security of this data communication can be needed to ensure that the data sent or received does not change.
Availability
The availability of data or services can be easily monitored by users who use the service. Where the unavailability of a service will be a nuisance for a company to progress until the worst is bankruptcy. So for all network activities, the availability of this data is very important for a system that can run continuously correctly.
Nonrepudiation
Every action taken in a secure system has been monitored or logged, which means the tool or tool used to check or log is working properly.
This log can record existing system activities so that it can be used as a benchmark and part of computer security from various attempts at intrusion and data theft.
For example, logs or records of this time can be used as evidence to bring crackers caught and to be prosecuted.
Authenticity
Every computer system must ensure that the parties, objects, and communicating information are true or not fake.
With the tools, you can prove the authenticity of documents, which can be done with watermaking technology to protect intellectual property in the form of digital signatures.
Kinds of Username/Password
The authentication method commonly used is the use of a username and password. This username or password method can work in various types, the following are various username or password methods.
T
no username/password
A system does not need a username or password to access the network. This option is probably the least secure.
-
Static username/password
User name and password are not changed until replaced by administrator or user. Static usernames are vulnerable to attacks, be it playback attacks, eavesdropping, theft, and password cracking programs.
-
Expired username/password
Meanwhile, the username or password method that is not valid until a certain time limit, usually from 30 to 60 days after that, will be reset by the user. Usually this will experience vulnerability to playback attacks, eavesdropping, theft, and password cracking programs, but the vulnerability has a much lower level than a static username or password.
-
One-Time Password (OTP)
This method is the safest of all username and password methods. Most OTP processes are based on a secret passphrase, which is used to create a list of passwords. OTP forces network users to enter different passwords each time they log in. A password is only used once.
Possession
Services on the server side have an important role in security. Software developers report vulnerabilities to software quickly. The reason used is that this loophole may be used by irresponsible parties to infiltrate a system or every computer user. Server and workstation administrators or users should run controls to “update” security issues on a regular basis.
Utility
Hardware can be a little tricky to understand as something that has the potential to have security issues. The truth is that it is very different from what we think, if the hardware is located in an insecure area it has the effect of installing unwanted hardware into the computer network and this can make intrusion easier. Also, if a computer network hardware setting is changed to the default configuration by an outsider.
Several Types of Attacks Against Computer Security
The types of attacks against security can be categorized into four main categories:
Interruption
An asset of a system that is attacked can then become unavailable and unusable by its original user. For example, the destruction of hardware or network channels.
Interception
A person who does not have access authority in an asset. This person can be a person, program, or other system. For example, there is wiretapping of data in a network.
Modification
An unauthorized party can make changes to an asset. For example, there is a change in the value of the data, modifying a program that is not running properly, to modifying the message that is being transmitted into the network.
Fabrication
A party who is not authorized to insert a fake object into a system, for example, is sending fake messages to other people.
Discussion About Access Control
After we discuss about computer security, we will move on to access control. At the beginning of the article we mentioned a little about the importance of access control in the management of computing systems and networks. The following is a discussion of complete access control.
Understanding Access Control
Access control is giving permission to a specific object specifically. Access control itself can limit the users who want to access the object. Without access control, the possibility that something including data can be stolen increases even more.
Access Control Function
The function of this access control is included in the access rights to a place. For example, when we go to a place such as a meeting room. In which there are many safeguards that we will encounter as access control so that this meeting area is really only for those who have the right and are limited. Where only certain people can access the meeting room.
Access Control Method
The three types of access control methods include:
Network Access
Access that can be used and obtained through a network of websites.
System Access
Access which is granted by a system or system access.
Data Access
Access used by users in accessing data.
Access Control Strategy or Technique
There are several things that can be categorized as strategies or techniques of access control, including:
Discretionary Access Control (DAC)
The owner of the access can determine who can access his data and other resources and can determine access permissions.
Mandatory Access Control (MAC)
Where is an organization or group that can grant access permissions based on specific existing levels to classify data or information.
Military Data Classification
For the classification of military data of a commercial nature, which can be seen in the following explanation:
Public : cannot be protected by anything.
Sensitive: where the information stored is very influential on business and trust, the public if not properly protected.
Private: personal information that can have a negative impact on someone in the event of a leak.
Confidential: information where the company can have a negative impact on the organization in the event of data leakage.
Role Based Access Control (RBAC)
Ijik access control given depends on the role he uses in a particular company or organization.
Attribute Based Access Control
This access can be used for a specific attribute, subject, identity, role, name, data, record.
Commercial Data Classification
The most commonly used method is rule based access control. In this method all access can be granted via reference to the security clearance of the subject and the security label of an object.
Then this rule can determine which access requests are granted and which are denied.
Non-Discretionary Access Control
This is an access control design that uses the role of the subject or activity assigned to a subject, to accept or deny access.
Rules Used To Create Access Lists
- Required to have one access list per protocol per direction.
- Standard access lists should be used to the nearest destination.
- The extended access list must be usable to the nearest origin.
- Outbound interface and inbound interface must be seen from the router’s incoming port.
- Access is processed sequentially from top to bottom until there is a match. If nothing matches then the packet can be rejected and discarded.
- There is a deny any statement at the end of the access list. And not visible in the configuration.
- Access lists that can be entered must be filtered in an order from specific to general. So that certain hosts can reject first and group or general later.
- This condition is suitable to be carried out first so that permission or refusal can be carried out if there is a suitable statement.
- Cannot work with the active access list.
- This text editor must be able to be used to create comments.
- This new line can always be added to the end of the access list. As for the command deletion list can use the command no access-list x
- This access list is in the form of an IP which is sent as an unreachable ICMP host message to the sender and will be discarded.
- This access list should be removed with care. There are several versions of iOS that can apply a default deny any to the interface and all traffic will stop.
- Outbound filters cannot affect data traffic originating from local routers.
How Access Control Works
If you have access control, the user will be authorized to access system resources. which must be considered who can access the contents of our files. Who can change and who can share data with other users.
There are 3 basic types of files, namely read, write, and execute. And there are several types of methods, namely ownership method, file types method, self/group/public control method and access control list.
Metode Ownership
- The identity of the creator of the file is saved.
- The creator of the file is the owner of the file.
- Only the owner can access the contents of the file.
- Administrators can also access as well.
Metode File Types
Files used as public files, semi-public files, or private files.
- Public files are all users have full rights to the file.
- Semi-public files are other users only have the right to read and execute only.
- Private files are other users do not have access rights at all.
Metode Self/Group/Public Control
User is the owner of the file, group is a group of users, other is a user who is neither a user nor a group.
Each file or directory has a file permission or protection mode.
The types of protection for this file are:
- r: thing to read files.
- w: the right to write to the file.
- x: the right to run the file.
- -: has no rights.
Metode Access Control List
Contains a list of users and groups with their respective rights.
Example: payroll.exe file given ACL
- <john.account,r>
- <jane.pengj.rw>
- <*.persn,r>
Main Components of Access Control
The first step in any access control system must begin with a system integrity analysis that uses technology that can help devices to run the system.
This will make the software run smoothly so as to prevent attacks from accessing resources.
There are three main components of access control:
Reliable basic computing is hardware and software systems that must be able to maintain the confidentiality and integrity of data.
Authentication is where one has to know who can monitor the system.
Authorization or access control is whether the users who carry out these activities can really be trusted, and determine whether the commands used are correct.
Conclusion
From the explanation above we can conclude that there are several things we need to know about access control. Access control is used to assist administrator users in managing access in using resources, both data, information, and computing.
For more details, you can contact NetData or visit the nds.id website.