Access Points

Access Control Mechanisms Online security has now become a very contentious issue worldwide. The ubiquitous nature of the internet provides individuals with access to information irrespective of location. Information can also be gathered seamlessly and effortlessly, thus creating efficiencies for society. Although the benefit of the internet overall are as difficult to explain as they are to enumerated, disadvantages still exist. For one, security and privacy is a concern for countries, governments, and individuals. Data breaches, viruses, identity theft, and other privacy issues cause concern for all internet stakeholders.

In particular, businesses, who are tasked with the oversight of personal information, must contend with an every growing threat of security. To mitigate these concerns organizations often use various access control methods to help deter unwarranted access. These security methods vary in both scope and ability in regards to deterring unwanted access. As such, these methods are constantly updated to help stay ahead of criminal activity (Rhee, 2003). Generally speaking, an access control system relies on credentials to verify an individuals identity.

When a credential is presented to a reader, the reader sends the credential's information, usually a number, to a control panel. This control panel, processes the readers information through electronic means. The control panel then compares the credential's number to an access control list. Depending on the result, the control panel either grants or denies the presented request, and sends a transaction log to a database. This form of access control is called a single factor transaction. Although this transaction may prevent unwarranted entry online, it can easily be manipulated.

For instance, credentials can be stolen or inadvertently given to an individual who should not be granted access. As such, passwords or numbers can easily be manipulated by criminals (Rhee, 2003). To prevent this occurrence, many online companies use two way authentication procedures as a means of access control. There are four main types of authenticating information in regards to access control. 1) The first factor is something the user knows, such as a password, pass-phrase or PIN.

Mutiple passwords of phrases help prvent unwanted access while controlling those who have the ability to enter 2) The second factor is something the user has, such as smart card or a key fob. These items are particularly helpful when used in combination with a password or other authenticating apporatus. Although these physcial access controls can be stolen, it will be difficult to use without a corresponding password. 3) The third factor is something the user is, such as fingerprint, verified by biometric measurement.

This particular factor is gaining favor within the online community for its unique nature and application potential. Mobil phones use this technology to allow or deny entry into the phone. In some instances laptops allow fingerprint passwords to control access. Retinal scans are particularly profound as it is unique to the individual. From a security standpoint, this access control method has the most potential as it is difficult to replicate a finger print, or retinal scan. 4) The forth factor is someone you know.

In this access control concept, another person who knows the individual in question can provide a human element of authentication in situations where systems have been set up to allow for such scenarios. For example, a user may have their password, but have forgotten their smart card.

In such a scenario, if the user is known to designated cohorts, the cohorts may provide their smart card and password, in combination with the extant factor of the user in question, and thus provide two factors for the user with the missing credential, giving three factors overall to allow access (Rhee, 2003) In addition to the factors mentioned above, access can be granted based on specific metrics or criteria. These criteria are particularly useful online, as it allows individuals to limit their overall exposure to a data breach.

There are four main methods in which to do so (Gralla, 2007). 1. Mandatory Access Control (MAC) In MAC, users do not have much freedom to determine who has access to their files. Instead certain categories of clearance of given to certain individuals based on factors such as trust, tenure and knowledge. For example, security clearance for those individuals in the military. In these situations, depending on the level of clearance, certain information can be accessed. 2. Discretionary Access Control (DAC) In DAC, the data owner determines who can access specific resources.

For example, a system administrator.