Welcome to “Security Threats: Access Control, Authorization, and Authentication.” After watching this video, you will be able to: define each authentication factor, explain how digital accounting is used, and identify the four methods of non-repudiation.

There are three processes involved in logging in to a network or account:

Access Control – limiting or granting access to different areas based on user status.

Authorization – giving permission to access a computer, network, app, or account.

Authentication – proving it’s you with a password or other credentials.

Access control prevents unauthorized viewing, modification, or copying of data. IT staff use access control to restrict what users can do, which resources they have access to, and what functions they are allowed to perform. Access is granted using the rule of least privilege, where access is only granted to resources that a user needs to fulfil their role. Role-based access control (or RBAC) follows a company’s org chart. Different customer and employee roles are set up as groups on a network, and then those groups are granted certain permissions. When a new user joins the network, they are assigned to the group that fits their role. They will have the lowest level of permissions they need to do their job.

Authorization is when you have permission to access a location or do an action. Before you can access an account or system, you need authorization. Access control must be set up before any authorization is granted, to maintain data security. And authorization must be set up for your user account before you’re able to log in. Once you are authorized, you can then use authentication to log in.

Authentication is the act of confirming the identity of a user. Authentication involves two steps: entering the correct login information and confirming that it is really you.
Authentication factors used to confirm identity include: something you know (like a username, password, PIN, or answers to security questions), something you have (like a mobile device, security key, or security badge), and something you are (biometrics like facial recognition or a fingerprint, iris, or voice scan).

Authentication methods include single-factor (or SFA), two-factor (or 2FA), multi-factor (or MFA), and single sign-on (or SSO). SSO lets you log in to multiple applications and platforms with one login. 2FA and MFA are the most secure ways to log in because they require at least two authentication factors.

Access control sets boundaries, authorization gives access, and authentication confirms identity. In the security field, it’s important to know the right balance between the three A’s: strictly applying role-based permissions groups won’t secure data if those groups all have the same authorization levels. The same is true if groups have properly set permissions, but are not properly applied by administrators.
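The three A’s described above, as an added example that is not part of the video: a small Python model in which role groups are granted least-privilege permissions (access control), an authorization check tests the user’s group for a permission, a two-factor login checks a salted password hash plus a time-based one-time code (something you know and something you have), and an audit log records who did what and the outcome (digital accounting). The group names, users, passwords, TOTP secrets and timestamp are constructed sample data; lint_policy is a hypothetical check for the mistakes the narration lists (all groups with the same permissions, everyone in one group).

```python
"""Added example: access control (RBAC groups), authorization, two-factor
authentication and an audit log. All data below is constructed sample data."""
import hashlib
import hmac
import secrets

# Access control: groups follow the org chart, and each group gets only the
# permissions its role needs (rule of least privilege). Constructed policy.
GROUP_PERMISSIONS = {
    "helpdesk": {"ticket:read", "ticket:write"},
    "finance": {"invoice:read", "invoice:approve"},
    "admin": {"user:create", "user:disable", "ticket:read", "invoice:read"},
}


def hash_password(password, salt=b""):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def totp(secret, timestamp, step=30, digits=6):
    """RFC 6238 time-based one-time code: the 'something you have' factor."""
    counter = (timestamp // step).to_bytes(8, "big")
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def make_user(group, password):
    salt, digest = hash_password(password)
    return {"group": group, "salt": salt, "pw": digest, "totp": secrets.token_bytes(20)}


# Constructed sample directory: each user sits in exactly one role group.
USERS = {
    "alice": make_user("finance", "correct horse battery staple"),
    "bob": make_user("helpdesk", "bob-helpdesk-2024!"),
}
AUDIT_LOG = []   # digital accounting: who did what, when, and the outcome


def audit(actor, action, outcome, timestamp):
    AUDIT_LOG.append({"ts": timestamp, "actor": actor, "action": action, "outcome": outcome})


def authenticate(username, password, code, timestamp):
    """Two factors: something you know (password) and something you have (TOTP)."""
    user = USERS.get(username)
    if user is None:
        audit(username, "login", "unknown user", timestamp)
        return False
    _, digest = hash_password(password, user["salt"])
    pw_ok = hmac.compare_digest(digest, user["pw"])
    code_ok = hmac.compare_digest(code, totp(user["totp"], timestamp))
    ok = pw_ok and code_ok      # both factors are always evaluated
    audit(username, "login", "success" if ok else "failure", timestamp)
    return ok


def authorize(username, permission, timestamp):
    """Authorization: the user's group must have been granted the permission."""
    user = USERS.get(username)
    allowed = user is not None and permission in GROUP_PERMISSIONS.get(user["group"], set())
    audit(username, permission, "allowed" if allowed else "denied", timestamp)
    return allowed


def lint_policy():
    """Hypothetical check for an unbalanced three A's: identical groups, one group for all."""
    findings = []
    if len({frozenset(p) for p in GROUP_PERMISSIONS.values()}) == 1:
        findings.append("all groups grant the same permissions")
    if len({u["group"] for u in USERS.values()}) == 1:
        findings.append("all users are assigned to the same group")
    for name, user in USERS.items():
        if user["group"] not in GROUP_PERMISSIONS:
            findings.append(f"{name} is in unknown group {user['group']}")
    return findings


if __name__ == "__main__":
    now = 1_700_000_000                         # constructed timestamp
    code = totp(USERS["alice"]["totp"], now)    # what Alice's authenticator would show
    print("alice login:", authenticate("alice", "correct horse battery staple", code, now))
    print("alice approve invoice:", authorize("alice", "invoice:approve", now))
    print("alice disable user:", authorize("alice", "user:disable", now))
    print("policy findings:", lint_policy())
    for entry in AUDIT_LOG:
        print(entry)
```

Alice can approve invoices because her group was granted that permission, but she is denied user administration even after a successful login: authentication establishes who she is, authorization decides what she may do, and the audit log shows both decisions.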
Using strong passwords and MFA won’t secure data if all groups have the same permissions. The same problem exists if groups have properly set permissions, but passwords are weak. Using strong passwords and MFA won’t secure data if all users are assigned to the same group. The same problem exists if administrators assign users to the proper groups, but passwords are weak. Best practice should require strong authentication, strong authorization, and strong access control.

Digital accounting is used in troubleshooting, security analysis, forensics, and hacking.

Logs: Most software and systems generate audit logs. Audit logs capture log file events which can show who did what and how the system behaved.

Tracking: Websites can track your OS, browser version, installed extensions, screen resolution, installed fonts, time zone, language, how long you spent on a site, and what you did there.

Cookies: A cookie is code used to track, personalize, and save information about your browsing session. Cookies can also be used to ban you from a website if you've violated any of its conditions for use.

Browsing history: a list of recently visited websites. Anyone with access to your device can see what sites you visited. Attackers use browsing history to learn where they might impersonate their victims, and companies use it to see which sites you go to on your work computer.

Non-repudiation is when you can't deny being in a specific location. It guarantees that a message sent between two parties is genuine, like a digital signature does. It includes:

Video: Clear recordings of a person entering, leaving, or occupying a space.

Biometrics: Fingerprint or iris scans can confirm whether a person physically accessed a device, network, or area.
Signature: When a signature is used in conjunction with a hardware token, it becomes a digital signature. This authenticates the signer.

Receipt: A digital receipt proves that a message was sent from one party to another.

In this video, you learned that: role-based access control (RBAC) uses network groups with different permissions levels. The methods of authentication are single-factor, two-factor, and multi-factor. Authentication factors are something you know, something you have, something you are, and somewhere you are. Logs, tracking, cookies, and browsing history are used to troubleshoot and to uncover user activity on devices, and non-repudiation uses video, biometrics, signature, and receipt.