Access Control

Trust and identity management is also supported by access control.


Access control is the ability to enforce a policy that states which entities (such as users, servers, and applications) can access which network resources.

NOTE Access control also indirectly helps ensure confidentiality and integrity of sensitive data by limiting access to the data. In contrast, authorization mechanisms limit the access of an entity to resources based on subject identity.

Network access control mechanisms are classified in the following ways:

■ Authentication mechanisms, which establish the subject's identity.

■ Authorization mechanisms, which define what a subject can do in a network and thus limit access to a network. The granularity of access, such as read-only or write, may also be defined.

■ Accounting mechanisms, such as an audit trail, which provides evidence and accounting of the subject's actions, and real-time monitoring, which provides security services such as intrusion detection.

Authentication, authorization, and accounting (AAA) are network security services that provide a framework through which access control to a network is defined.
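The three mechanisms listed above can be seen as separate stages of one access decision. The following is an added example, not code from the original text; the entity names, secrets, resource name, and policy table are constructed assumptions. It authenticates the subject, checks the policy for the requested operation (read-only versus write granularity), and records every decision in an audit trail that a monitoring function can query.

```python
import hashlib
import hmac
import time

# Constructed sample data: entity names, secrets, resource and policy are hypothetical.
SALT = b"constructed-demo-salt"  # one fixed salt keeps the example short; use per-entity salts in practice

def _digest(secret: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), SALT, 100_000)

CREDENTIALS = {"alice": _digest("alice-secret"), "backup-svc": _digest("svc-secret")}

# Policy: which entity may perform which operations on which resource.
POLICY = {
    ("alice", "router-config"): {"read", "write"},
    ("backup-svc", "router-config"): {"read"},  # read-only granularity
}

AUDIT_TRAIL = []  # accounting: one record per access decision, permit or deny

def authenticate(entity: str, secret: str) -> bool:
    """Authentication: establish the subject's identity."""
    candidate = _digest(secret)  # computed even when the entity is unknown
    stored = CREDENTIALS.get(entity)
    return stored is not None and hmac.compare_digest(stored, candidate)

def authorize(entity: str, resource: str, operation: str) -> bool:
    """Authorization: default deny unless the policy grants the operation."""
    return operation in POLICY.get((entity, resource), set())

def access(entity: str, secret: str, resource: str, operation: str) -> str:
    """Run the three AAA stages in order and return the decision."""
    if not authenticate(entity, secret):
        decision = "deny:authentication"
    elif not authorize(entity, resource, operation):
        decision = "deny:authorization"
    else:
        decision = "permit"
    AUDIT_TRAIL.append({"time": time.time(), "entity": entity, "resource": resource,
                        "operation": operation, "decision": decision})
    return decision

def denied_count(entity: str) -> int:
    """Monitoring over the audit trail: denied requests recorded for an entity."""
    return sum(1 for r in AUDIT_TRAIL
               if r["entity"] == entity and r["decision"].startswith("deny"))

if __name__ == "__main__":
    print(access("backup-svc", "svc-secret", "router-config", "write"))
```

Denied requests are logged as well as permitted ones, since the audit trail is only useful as evidence if it also covers failed attempts.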

