Authentication is the process by which a person proves that they are who they claim to be: the system verifies the claimed identity against credentials. An authentication exchange has two parts: a public claim that you and everyone else can see (the username) and a private proof that only the legitimate user should be able to produce (for example, a password).
A password is the simplest authentication method and an example of single-factor authentication: you submit the password and you get access. Passwords, however, can be intercepted or stolen in many ways; they are frequently written down, reused across systems or shared with others. Tokens and smart cards are better than passwords because they must be in the physical possession of the person using them.
Multi-factor authentication uses two or more factors to check identity, where the factors come from different categories. The three categories are:
- Something you know (a password or PIN)
- Something you have (an ID card or token)
- Something you are (a unique physical characteristic)
Biometrics are the best-known example of the third category: a sensor or scanner measures a unique feature of a body part. They are better than passwords in that they cannot be shared or forgotten, but they are not unspoofable: fingerprints and faces can be copied, and a biometric, unlike a password, cannot be changed once it has been compromised. A token or smart card combined with a biometric is much harder to defeat than either alone, although no combination is impossible to defeat. Biometric systems use facial recognition, retinal scans, fingerprints, hand geometry, voice recognition, lip movement and keystroke analysis. Biometric devices are commonly used today to authenticate access to computer systems and to buildings.
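The following is an added example, not code from the original page: a two-factor login check that combines "something you know" (a password stored as a salted PBKDF2 hash) with "something you have" (an RFC 6238 TOTP code generated by a device the user holds). The user record, the password and the sample TOTP secret (the RFC 4226/6238 test-vector key, whose codes are public) are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import struct

# Assumptions of this example (not stated by the page): passwords are stored as
# salted PBKDF2-HMAC-SHA256 hashes, the second factor is an RFC 6238 TOTP code
# produced by a device the user holds, and both factors are checked on every login.
PBKDF2_ITERATIONS = 600_000     # OWASP-recommended work factor for PBKDF2-HMAC-SHA256
TOTP_STEP_SECONDS = 30
TOTP_DIGITS = 6


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Return (salt, digest); draws a fresh random salt when none is supplied."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute the hash and compare in constant time so timing does not leak how many bytes matched."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def hotp(secret: bytes, counter: int, digits: int = TOTP_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = TOTP_STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the time step."""
    return hotp(secret, unix_time // step)


def match_totp(secret: bytes, code: str, unix_time: int, window: int = 1):
    """Return the time-step counter the code is valid for, or None.

    Codes from `window` steps either side are accepted to tolerate clock skew.
    Every candidate is compared (no early exit) so the loop's timing does not
    reveal which step matched.
    """
    current = unix_time // TOTP_STEP_SECONDS
    matched = None
    for counter in range(max(0, current - window), current + window + 1):
        if hmac.compare_digest(hotp(secret, counter), code):
            matched = counter
    return matched


# Constructed user record. The TOTP secret is the RFC 4226/6238 test-vector key,
# so its codes are published and the record is for illustration only.
SAMPLE_SALT, SAMPLE_DIGEST = hash_password("correct horse battery staple")
USERS = {
    "alice": {
        "salt": SAMPLE_SALT,
        "pw_hash": SAMPLE_DIGEST,
        "totp_secret": b"12345678901234567890",
        "last_counter": -1,     # highest TOTP step already redeemed, to stop replay
    },
}


def authenticate(username: str, password: str, code: str, unix_time: int) -> bool:
    """Require both factors; the caller only learns pass/fail, never which factor failed."""
    user = USERS.get(username)
    if user is None:
        # Do the same expensive work for unknown names so an attacker cannot
        # tell valid usernames from invalid ones by response time.
        verify_password(password, SAMPLE_SALT, b"\x00" * 32)
        return False
    password_ok = verify_password(password, user["salt"], user["pw_hash"])
    matched = match_totp(user["totp_secret"], code, unix_time)
    totp_ok = matched is not None and matched > user["last_counter"]
    if password_ok and totp_ok:
        user["last_counter"] = matched      # burn the code: a TOTP value is single-use
        return True
    return False
```

Two details matter more than the hashing itself: the accepted TOTP step is recorded so that a code captured over the user's shoulder cannot be replayed inside the skew window, and both factors are always evaluated so the response time and the result do not tell an attacker which factor was wrong.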
The counterpart to authentication is authorization. Authorization specifies what an authenticated user is allowed to do: which resources, such as files, printers, the system itself or the network, they may access, and in what way. Common authorization mechanisms include user rights (privileges), role-based authorization, access control lists and rule-based authorization.
Privileges, or user rights, are different from permissions. A user right authorizes actions that affect the whole system, such as creating groups, assigning users to a group or logging on to the system; a permission grants access to a particular resource. Some user rights are implicit: they come with membership of default groups that the operating system creates rather than the administrator, so they cannot be taken away from one member individually; the account has to be removed from the group.
Role-Based Authorization (RBAC):
Each job within a company corresponds to a role. Every employee needs privileges (the right to do something) and permissions (the right to access particular resources), but not every user should be given the right to administer the system. With role-based authorization, privileges and permissions are attached to roles rather than to individual users, and a user receives them by being assigned the role that matches their job, which keeps each user's access limited to what the job requires.
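An added example (not code from the original page) of the model described above: roles bundle system-wide privileges and per-resource permissions, users only ever hold roles, and membership changes themselves require the assign_role privilege. The role hierarchy, the user names and the resource names are constructed assumptions.

```python
# Assumptions of this example (not from the page): roles carry two kinds of
# grants, system-wide privileges ("user rights") and per-resource permissions;
# users only ever hold roles, never direct grants; and a role may inherit from
# parent roles. Every user, role and resource name below is constructed.

ROLE_PARENTS = {
    "reader": set(),
    "operator": {"reader"},        # an operator can do everything a reader can
    "sysadmin": {"operator"},
}
ROLE_PRIVILEGES = {               # rights that affect the whole system
    "reader": {"log_on_locally"},
    "operator": {"restart_service"},
    "sysadmin": {"create_group", "assign_role"},
}
ROLE_PERMISSIONS = {              # rights on particular resources
    "reader": {"/srv/app/config.yml": {"read"}},
    "operator": {"/srv/app/config.yml": {"write"}, "printer:lobby": {"print"}},
    "sysadmin": {},
}
USER_ROLES = {
    "kelvin": {"operator"},
    "stella": {"reader"},
    "root_admin": {"sysadmin"},
}


def effective_roles(user: str) -> set:
    """Expand a user's direct roles through the parent chain (transitive closure)."""
    pending = list(USER_ROLES.get(user, ()))
    seen = set()
    while pending:
        role = pending.pop()
        if role not in seen:
            seen.add(role)
            pending.extend(ROLE_PARENTS[role])
    return seen


def has_privilege(user: str, privilege: str) -> bool:
    return any(privilege in ROLE_PRIVILEGES[r] for r in effective_roles(user))


def has_permission(user: str, resource: str, action: str) -> bool:
    return any(action in ROLE_PERMISSIONS[r].get(resource, ()) for r in effective_roles(user))


def _check_membership_change(actor: str, role: str) -> None:
    """Only holders of the assign_role privilege may change memberships, and
    only to roles that exist: a typo must not silently create a new role."""
    if not has_privilege(actor, "assign_role"):
        raise PermissionError(f"{actor} lacks the assign_role privilege")
    if role not in ROLE_PARENTS:
        raise ValueError(f"unknown role {role!r}")


def grant_role(actor: str, user: str, role: str) -> None:
    _check_membership_change(actor, role)
    USER_ROLES.setdefault(user, set()).add(role)


def revoke_role(actor: str, user: str, role: str) -> None:
    """Removing the role removes every privilege and permission it carried, in one step."""
    _check_membership_change(actor, role)
    USER_ROLES.get(user, set()).discard(role)
```

The point of routing every grant through a role is visible in revoke_role: when Stella changes jobs, one membership change removes all the access that came with the old role, instead of an administrator hunting for each permission she was given directly.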
Access Control Lists (ACLs):
When a large social event is held, only a limited number of people are invited. To ensure that only guests get in, a list of authorized names is given to the person at the door; when a guest arrives, the name they give is checked against the list and entry is granted or denied.
Information systems use ACLs in the same way to decide whether a requested service or resource is authorized. On a network device, ACLs control which kinds of traffic may pass through it; the entries are typically evaluated in order, the first matching entry decides, and traffic that matches no entry is dropped by an implicit deny at the end of the list.
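An added example (not from the original page) of a first-match packet ACL of the kind a router or firewall applies. The entry syntax, the addresses and the sample policy are this example's own constructions, not any vendor's ACL language; the evaluation order, first-match semantics and implicit deny are the assumptions being demonstrated.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumptions of this example (not from the page): entries are evaluated top to
# bottom, the first match decides, and a packet matching nothing is dropped by
# an implicit deny. The entry syntax and the addresses are constructed for this
# example and are not any vendor's ACL language:
#   <permit|deny> <tcp|udp|icmp|any> <src-cidr|any> <dst-cidr|any> [port | lo-hi | any]

ANY_NET = ipaddress.ip_network("0.0.0.0/0")
PROTOCOLS = ("tcp", "udp", "icmp", "any")


@dataclass(frozen=True)
class AclEntry:
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[Tuple[int, int]]    # inclusive port range; None matches any port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None         # None for protocols without ports (icmp)


def _net(token: str) -> ipaddress.IPv4Network:
    return ANY_NET if token == "any" else ipaddress.ip_network(token, strict=False)


def _ports(token: str) -> Optional[Tuple[int, int]]:
    if token == "any":
        return None
    lo, _, hi = token.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range {token!r}")
    return lo, hi


def parse_acl(text: str) -> List[AclEntry]:
    """Parse one entry per line; '#' starts a comment. Malformed entries are an
    error rather than being skipped, so a typo cannot silently widen the policy."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) == 4:
            parts.append("any")
        if len(parts) != 5 or parts[0] not in ("permit", "deny") or parts[1] not in PROTOCOLS:
            raise ValueError(f"line {lineno}: malformed entry {raw!r}")
        entries.append(AclEntry(parts[0], parts[1], _net(parts[2]), _net(parts[3]), _ports(parts[4])))
    return entries


def matches(entry: AclEntry, pkt: Packet) -> bool:
    if entry.proto != "any" and entry.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in entry.src or ipaddress.ip_address(pkt.dst) not in entry.dst:
        return False
    if entry.dport is not None:
        if pkt.dport is None:
            return False
        lo, hi = entry.dport
        return lo <= pkt.dport <= hi
    return True


def evaluate(acl: List[AclEntry], pkt: Packet) -> str:
    """Return 'permit' or 'deny' from the first matching entry; no match means deny."""
    for entry in acl:
        if matches(entry, pkt):
            return entry.action
    return "deny"


# Constructed sample policy protecting a web server at 192.0.2.10.
SAMPLE_ACL = parse_acl("""
deny   any  10.0.99.0/24  any                  # quarantined segment: must come before the broad permit
permit tcp  10.0.0.0/8    192.0.2.10/32 443
permit tcp  10.0.0.0/8    192.0.2.10/32 8000-8080
permit icmp any           192.0.2.10/32
""")
```

The ordering matters: if the quarantine deny is moved below the permit for 10.0.0.0/8, hosts in 10.0.99.0/24 reach the server on port 443 because the broader permit matches first. The implicit deny is what keeps everything not explicitly listed (SSH, UDP, sources outside 10.0.0.0/8) out.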
Rule-based authorization requires writing rules that stipulate what a specific user may do on a system. A rule might state: "User Kelvin can access resource Z but cannot access resource D." More complex rules combine conditions: "User Stella can read file P only if she is sitting at the console in the data center."
In a small system, rule-based authorization is not very difficult, but in larger systems and networks the number of rules grows with the number of users and resources, and it becomes tedious and difficult to administer.
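An added example (not code from the original page) of rule-based authorization with the two rules described above, including the contextual condition on Stella's access. The rule structure, the context keys ("location", "session") and the deny-overrides-allow policy are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Assumptions of this example (not from the page): a rule names a subject, an
# action and a resource ("*" matches anything), has an allow or deny effect, and
# may carry a condition evaluated against the request context (where the user
# is, how they connected). Explicit deny beats allow, and with no applicable
# rule the answer is deny. Names and the context keys are constructed.


def always(ctx: Dict[str, str]) -> bool:
    return True


def at_console_in_datacenter(ctx: Dict[str, str]) -> bool:
    return ctx.get("location") == "datacenter" and ctx.get("session") == "console"


@dataclass(frozen=True)
class Rule:
    subject: str
    action: str
    resource: str
    effect: str                                 # "allow" or "deny"
    condition: Callable[[Dict[str, str]], bool] = always
    note: str = ""                              # shown to auditors when this rule decides


RULES: List[Rule] = [
    Rule("kelvin", "*", "Z", "allow", note="Kelvin can access resource Z"),
    Rule("kelvin", "*", "D", "deny", note="Kelvin cannot access resource D"),
    Rule("stella", "read", "P", "allow", at_console_in_datacenter,
         note="Stella can read file P only from the console in the data center"),
]


def _match(pattern: str, value: str) -> bool:
    return pattern == "*" or pattern == value


def decide(user: str, action: str, resource: str, ctx: Dict[str, str]) -> Tuple[bool, str]:
    """Return (allowed, reason). A matching deny wins immediately; an allow only
    stands if no later deny also matches; nothing matching is the default deny."""
    allow_reason = None
    for rule in RULES:
        if not (_match(rule.subject, user) and _match(rule.action, action)
                and _match(rule.resource, resource) and rule.condition(ctx)):
            continue
        if rule.effect == "deny":
            return False, rule.note
        if allow_reason is None:
            allow_reason = rule.note
    if allow_reason is not None:
        return True, allow_reason
    return False, "no rule applies (default deny)"


def is_authorized(user: str, action: str, resource: str, ctx: Dict[str, str] = None) -> bool:
    return decide(user, action, resource, ctx or {})[0]


def rules_for(user: str) -> List[Rule]:
    """Audit helper: rules are written per subject, which is why the rule set
    grows with the number of users times resources and becomes hard to administer."""
    return [r for r in RULES if r.subject in (user, "*")]
```

Returning the deciding rule's note alongside the verdict is what makes a rule set of this kind auditable: when a request is refused, the administrator can see which rule, or the absence of any rule, produced the refusal, instead of reading the whole list.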