Question

Most IT professionals are familiar with the basic concepts surrounding authentication and access control systems. There are fewer professionals who have taken the time to consider the more granular characteristics of these controls and the options that are available for differentiation, selection, and implementation.

• Describe the combination of authentication and access controls that you believe best balance cost, complexity, and security. Support your position.
• Explain how domain trusts, isolation technologies, and the separation and organization of those technologies can support a network security strategy.
• Describe an example of how encapsulation or encryption contribute to a specific access control or authentication solution.

Answer 1

Combining authentication and access control:

Both these ways are very crucial for security of the network. By combining these two one can ensure that the system has verified users given access to it. With the security in place, the chances of compromising security are less and the cost and complexity are also balanced out. There are many research methodologies in which these two methods are combined together. Such a framework is used to offer a cryptographic solution to the organizations as well. The user can access only what is important for them and what they are given access to. Especially when there are many groups of people this method works the best. It keeps the data confidential and secures the ownership of the user as well.

Domain trust, isolation, and separation of technologies:

Domain trust is very important for an organization. It is also important to use effective strategies pertaining to isolation of various protocols and technologies. The separation helps in limiting the impact of intrusion in the network. If it is done correctly, it can make it hard for the attacker to gain access and locate the data sensitive to the system. It decreases the malicious attempts in the system.

It also acts as a prime firewall in the network.

Example of encapsulation/encryption:

One of the best examples would be in the communication links between a browser and a website. These links are usually encrypted using SSL or secure sockets layers. The messages exchanged between browser and the website traverse huge distances and ultimately pass through different machines and devices on the way to the destination. However, because of the link encryption, it is hard for the malicious users to stop them in between and read the message.