Question

Describe the difference between authentication and access control. How does each of these concepts support the confidentiality and integrity of the data they protect? How does the “principle of least privilege” increase this support on the access control side? Describe how multi-factor authentication increases the confidence that someone is who they claim to be (i.e., that the person logging in is actually that person).


Solutions

Expert Solution

Authentication: This is one of the security mechanisms that protect resources from others. When an identity tries to access a system, he or she should authenticate himself or herself as a legitimate user with the credentials that were given to them beforehand. By implementing this kind of security mechanism, only legitimate people can get access to the system. We can see this type of security mechanism on any website and also when connecting to Wi-Fi.

Access Control: This can also be called authorization. The name itself says what it is: the type of authorization that a user has to access specified resources in the system. This is simply the access given by the system to use resources; the system can also deny some specified resources or all of them. It is all about the rights that a user has to access resources. That's why it's called access control. Access control is like giving specified permissions on files, such as only write, or only read, or all of write, read, and execute. All these come under the rights given by the system to the user.

Both of these concepts support data integrity and confidentiality a lot. Both are the best security mechanisms; data integrity won't run into problems with this kind of security, and these mechanisms don't affect any data in the system. Moreover, confidentiality can be achieved with the help of authentication and later with the help of authorization on resources. All the permitted users are most legitimate, we can also monitor them, and there is no problem for the data with these security implementations (except when the security is broken). Clearly, both will support the integrity and confidentiality of the data they protect.

Using the “principle of least privilege” increases the support on the access control side, because here least privilege means giving access only to some who are at higher positions and are most legitimate and trustworthy. This principle helps greatly, as the smaller the number of people who can access the data, the lower the risk to the data. With this principle we can protect integrity, confidentiality, and everything else as a whole, as only a few trustworthy people get access to resources.

Multi-factor authentication is super important to implement for security reasons. As I said previously, with the help of credentials anyone can get into the system. So if the credentials are known to many, it will be riskier for the data. By enabling multi-factor authentication, even if one authentication credential is known by others, the other one is there to protect the data. And the legitimate user can still authenticate, as he knows the two authentication details needed to access the data.

***If you have any doubt, please feel free to comment... Thank you. Please UPVOTE***
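The separation discussed in the question, as an added example that is not part of the original answer: `authenticate` decides who the caller is and requires both a password and a time-based one-time code (RFC 6238 TOTP), while `authorize` decides what that identity may do against a default-deny permission table. The account `alice`, the file `payroll.csv`, the secrets and the function names are all constructed for illustration, and least privilege is modelled here as each account holding only the rights its task needs.

```python
import hashlib, hmac, struct, time

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the 'something you have' factor."""
    mac = hmac.new(secret, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F  # dynamic truncation offset (RFC 4226)
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def pw_hash(password: str, salt: bytes) -> bytes:
    """Salted, slow password hash: the 'something you know' factor."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account store (every value here is made up).
USERS = {"alice": {"salt": b"constructed-salt", "totp": b"constructed-totp-key"}}
USERS["alice"]["pw"] = pw_hash("correct horse", USERS["alice"]["salt"])

# Least privilege: alice's task only needs to read this file, so that is
# the only right she is granted.
ACL = {"payroll.csv": {"alice": {"read"}}}

def authenticate(user, password, code, now=None):
    """Who are you? Returns the user name only if BOTH factors verify."""
    rec = USERS.get(user)
    if rec is None:
        return None
    now = time.time() if now is None else now
    pw_ok = hmac.compare_digest(pw_hash(password, rec["salt"]), rec["pw"])
    expected = totp(rec["totp"], now).encode()
    code_ok = hmac.compare_digest(expected, code.encode())
    return user if (pw_ok and code_ok) else None

def authorize(user, resource, action):
    """What may you do? Default deny: anything not granted is refused."""
    return user is not None and action in ACL.get(resource, {}).get(user, set())

if __name__ == "__main__":
    t = time.time()
    who = authenticate("alice", "correct horse", totp(USERS["alice"]["totp"], t), t)
    print("authenticated as:", who)
    print("read allowed:", authorize(who, "payroll.csv", "read"))
    print("write allowed:", authorize(who, "payroll.csv", "write"))
```

A correct password with a wrong code is rejected by `authenticate`, and a fully authenticated `alice` is still refused `write` by `authorize`, which is the confidentiality and integrity split the question asks about.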

