Course Outline: Authentication and Access Control

(Adv. diploma)
Course Title: Authentication and Access Control
Course Code:
System Coordinator:
Year: Advanced Diploma
Credit Hours:
Semester:
Contact Hours: 4
Course Lecturer:
Office:

Course Description:
This course introduces students to the concepts of authentication and access control, their
components, processes, and structures, as well as the policies, standards and guidelines required to
implement them. As user identification, authentication and proper authorization are essential in
developing, maintaining and implementing a framework for information system security, this course
also immerses students in real-life cases so that they can explore how authentication and access
control protect IT resources from unauthorized use and serve as primary means to ensure
information and data privacy.

Course Objectives:
The objectives of this course are the following:

1. To identify authentication information for information technology and systems
2. To describe access control for information technology and systems
3. To analyze the different stages of the authentication procedure
4. To identify the different elements of access control
5. To define unauthorized access and authentication breaches
6. To identify access control solutions
7. To implement authentication and access control systems

Course Prerequisite(s):

Introduction to Cryptography
Windows and Linux System Administration

Course Materials / tools:

No.  Materials      Description                                     Provided by
1    Lectures       MS PowerPoint Slides and Text/Reference Books   Course Facilitator
2    Lab Exercises  PDF document                                    Course Facilitator
3    Project List   PDF document                                    Course Facilitator

Graduate Attributes:
This course is expected to develop the following Graduate Attributes in students:

1. Scholastic rigor and technical competence, such as: problem solving, critical and analytical
thinking;
2. Discipline and accountability, such as: working independently, responsibility and
authenticity;
3. Innovation, such as: imagination and solution integration; and
4. Lifelong learning, such as: inquisitiveness and adaptability.

Learning Outcomes:

On successful completion of this course, students will be able to:

1. Obtain a strong grasp of the difference among authorization, authentication, and access control;
2. Differentiate the different stages of the authentication process employed in various information
systems;
3. Explain the different elements of access control used in various implementations;
4. Evaluate authentication and access control mechanisms used in information systems;
5. Evaluate breaches to authentication and access control mechanisms and processes;
6. Implement basic authentication and access control systems.
Course Working Plan:

Week 1
Lectures/Contents: Introduction to Access Control Framework
● Access and Access Control
● Components of Access Control: Systems, Subjects, Objects
● Access Control Process: Identification, Authentication, Authorization
Ref.: Text 1, Ch1 / Text2, Ch3
Practical / Lab: Manage Active Directory Users, Roles and Organizational Units

Week 2
Lectures/Contents: Introduction to Authentication
● Importance of Authentication
● Authentication Factors
◦ Something You Know
◦ Something You Have
◦ Something You Are
Ref.: Text1, Ch1 / Text2, Ch3
Practical / Lab: Manage Group Policy Objects in Active Directory

Week 3
Lectures/Contents: Risk Impact on Access Control
● Threats and Vulnerabilities
● Value, Situation and Liability
● Utility of Multi-layered Access Control System
Ref.: Text1, Ch2 / Text2, Ch3
Practical / Lab: Configure Windows File Systems Permission

Week 4
Lectures/Contents: Unauthorized Access and Security Breaches
● Deterring Information Theft
● Access Control Failures: People, Technology
● Security Breaches: Types and Implications
Ref.: Text1, Ch5 / Text2, Ch1&3
Practical / Lab: Configure Windows Firewall Including Testing IIS Connectivity, Creating Firewall Rules and Allowing Apps through the Firewall Control Panel
Assessment: Quiz No.1

Week 5
Lectures/Contents: Business Challenges to Access Control Types
● Business Continuity
● Risk and Threat Mitigation
● Solving Challenges with Access Control Strategies
Ref.: Text1, Ch6
Practical / Lab: Packet Tracer Lab: Server User Authentication Design

Week 6
Lectures/Contents: Access Control for Information Systems
● Access Control: Data, File Systems, Executables
● Best Practices for Access Controls for Information Systems
Ref.: Text1, Ch8 / Text2, Ch2
Practical / Lab: Encrypt and Decrypt Web Traffic with HTTPS

Week 7
Lectures/Contents: Physical Security and Access Control
● Designing a Comprehensive Plan
● Biometric Access Control Systems
● Modes of Operation
● Parameters
Ref.: Text1, Ch9 / Text2, Ch3
Practical / Lab: Manage Linux Accounts - Users and Groups
Assessment: Mid-Exam

Week 8
Lectures/Contents: Technology-related Access Control Solutions
● Traditional
● Electronic Key Management System
● Fobs and Tokens
● Common Access Cards
Ref.: Text1, Ch9 / Text3, Ch7
Practical / Lab: Configure Linux File Systems Permissions and Packet Tracer Lab: Smart Home

Week 9
Lectures/Contents: Access Control Models
● Discretionary Access Control
● Mandatory Access Control
● Role-based Access Control
● Attribute-based Access Control
Ref.: Text1, Ch10 / Text3, Ch2
Practical / Lab: Packet Tracer Lab: Context-based Access Control

Week 10
Lectures/Contents: Authentication Factors
● Types of Factors
◦ Something You Know
◦ Something You Have
◦ Something You Are
● Factor Usage Criteria
◦ Single-Factor Authentication
◦ Two-Factor Authentication
◦ Three-Factor Authentication
Ref.: Text3, Ch2, 4 & 6 / Text1, Ch10
Practical / Lab: Configure a Web Application to use both Password and U2F Authentication (such as FIDO Technology)
Assessment: Quiz No.2

Week 11
Lectures/Contents: Access Control System Implementation
● Identity Management and Access Control
● Multilayered Access Control Implementations
● Best Practices
Ref.: Text1, Ch11
Practical / Lab: Authenticating Security Communications with Digital Signatures

Week 12
Lectures/Contents: Authentication and Key Establishment Protocols
● Secure Socket Layer
● Kerberos
● Principles in Designing Authentication Protocols
Ref.: Text 3, Ch7
Practical / Lab: Configuring a Kerberos Client in Linux and Configuring Kerberos Authentication

Week 13
Lectures/Contents: Public Key Infrastructure and Encryption
● What is PKI?
● Encryption and Cryptography
● Certificate Authorities
Ref.: Text3, Ch2 / Text1, Ch13
Practical / Lab: Encrypting and Decrypting Files using PKI

Week 14 & 15
Testing Access Control Systems
Practical Test
Project Presentation & Course Review

Teaching and Learning Methods:


This course will be delivered through a combination of lectures and labs. Students are also encouraged to do
research through the lab and project work, and to use the LMS, library and Internet to acquire
more information on the topics given in the lectures.

Students Workload:

Total Contact Hours : 30
Lectures : 2 Hours / Week
Laboratories : 2 Hours / Week
Supported learning / Independent study : 4 Hours / Week
Total : 6 Hours / week of student effort

Facility Required:
● Laboratory PCs with Wi-Fi access
● Firewall Appliance
● Authentication Devices such as YubiKey
● Windows and Linux Server Operating System
● Oracle Virtual Box or VMWare Workstation
● Packet Tracer 8.0.1
● Encryption, Decryption and Digital Signature Tools (preferably open-source)
● Kerberos Client in Linux / Kerberos Authentication
● Universal 2nd Factor (U2F) Authentication Tool (such as FIDO)

Assessment and Mark Distribution:


Assessment        Weightage
Quizzes           10%
Mid-Term Exam     20%
Practical         10%
Course Project    10%
Final Exam        50%
Total             100%

Assessment Measures        Learning Outcomes (Map it to LO)
● Quiz 1                   1, 2, 5
● Quiz 2                   3, 4
● Laboratory Work          4, 5, 6
● Mid-Term Examination     1, 2, 3, 5
● Mini Project             1, 4, 6
● Practical Test           4, 5
● Final Examination        1, 2, 3, 4, 5

Text Books:

Text1
Title: Access Control, Authentication, and Public Key Infrastructure
(https://www.amazon.com/Authentication-Infrastructure-Bartlett-Learning-Information/dp/1284031594)
Author: Chapple, M., Ballad, B., Ballad, T., Banks, E. (2013)
Publisher: Jones & Bartlett Learning. ISBN: 9781284031607
Edition: 2nd Edition

Text2
Title: Mechanics of User Identification and Authentication: Fundamentals of Identity Management
(https://www.amazon.com/Mechanics-User-Identification-Authentication-Fundamentals/dp/1420052195)
Author: Todorov, Dobromir (2007)
Publisher: Auerbach Publications / Routledge Taylor & Francis Group. ISBN-13: 9781420052190
Edition: 1st Edition

Text3
Title: Authentication and Access Control: Practical Cryptography Methods and Tools
(https://www.amazon.com/Authentication-Access-Control-Practical-Cryptography/dp/1484265696)
Author: Boonkrong, Sirapat (2021)
Publisher: Apress Publishing. ISBN: 9781484265703
Edition: 1st Edition

Reference Books and Website:

Ref1
Title: Security in Computing
Author: Pfleeger, S.L., Pfleeger, C., Margulies, J. (2015)
Publisher: Pearson. ISBN: 9780134085074
Edition: 5th Edition

Ref2
Title: Computer Security: Principles and Practice
Author: Stallings, W., Brown, L. (2017)
Publisher: Pearson. ISBN-10: 9780134794105
Edition: 4th Edition

Ref3
Title: FIDO Alliance (fidoalliance.org)
Author: FIDO Alliance
Publisher: fidoalliance.org
Edition: ---

Plagiarism Policy:
Acts of Plagiarism whether intentional or unintentional are not tolerated and you are strongly urged to refer to
UTAS Policy 006 (CAS) and its Procedures for details on the consequences of plagiarism within the UTAS
system.
