In: Computer Science
Describe the difference between authentication and access control. How do each of these concepts support the confidentiality and integrity of the data they protect? How does the “principle of least privilege” increase this support on the access control side? Describe how multi-factor authentication increases the confidence that someone is who they claim to be (i.e. that the person logging in is actually that person.)
Authentication:- This is one of the security mechanisms to protect the resources from others. When an identity tries to access a system then he should authenticate him or herself as a legitimate user with the credentials that are given before to them. So that only legitimate people can get access to the system by implementing this kind of security mechanism. We can see this type of security mechanism in any website and also in connecting to Wi-FI.
Access Control:- This can also be called Authorization. The name itself says what type of authorization that a user has to access specified resources in the system. This is simply the access giving by the system to use resources or the system can also deny some specified or all the resources. This is all on rights that a user has to access resources. That's why it's access control. Access control like giving specified permission to files like only write or only read or all write, read, and execution. All these come under rights give by the system to the user.
Both of these concepts support data integrity and confidentiality a lot. As both are the best security mechanisms and the data integrity won't get into a problem with this kind of securities and also these mechanisms didn't affect any data in the System. Moreover, confidentiality can be achieved with the help of authentication and later with the help of authorization on resources. All the permitted users are most legitimate and in that also we can monitor and there is no problem to data with these security implementations(exceptional when the security is broken). Clearly, both will support the integrity and confidentiality of the data they protect.
Using the “principle of least privilege” increase the support on the access control side. Because here the least privilege means giving access to only some who are at higher positions and most legitimate and trustable. This principle helps superly as the lesser the number to access the data the lesser the risk to the data. With this principle we can protect whole integrity, confidentiality and everything as only a few trustable people got access to resources.
Multi-factor authentication is super important to implement for security reasons. As I said previously with the help of credentials anyone can get into the system. So if the credentials are known to many then it will be riskier to data. So by enabling multi-factor authentication even one authentication credentials known by other then the other one is there to protect the data. And the legitimate user can now authenticate as he knows two authentication details to get into access the data.
***If you have any doubt please feel free to comment...Thank you Please UPVOTE***