Nowadays, the computer system is inseparable from the organization of a company. By processing confidential data, the latter is obliged to keep it secure to prevent physical or logical entities from accessing computer data. Logical access control constitutes a solution to limit user action in terms of IT security. What are the essential elements to know about logical access control? Here are some ideas for answers.
Definition of logical access control
In companies, we often hear about what we call access control. To know everything about this system, there are two main types of access control: physical access control based on the management of access to buildings as well as access to premises and logical access control which limits access to computer networks and data. Logical access control is thus defined as a system for securing access to an information system. For high security, many companies use these two means of access which are entirely complementary. Moreover, the CNIL or National Commission for Information Technology and Liberties advises the use of various means of identification for a maximum level of security.
What are the elements constituting logical access control?
Logical access control is a practical and reliable security system which aims to verify a person’s right of access to computer data. According to the AAA protocol, it is divided into three distinct elements including authentication, authorization and traceability. Authentication is a step that requires access using a password. As for authorization, it allows authorization to analyze the data. For traceability, it concerns the collection of information on the use of data.
Authentication phase
The authentication stage is not an identification phase. It is based on a verification basis between identity and proof of identity. For this, there are several authentication methods used by companies, namely the password system. It is linked to an identifier allowing access to the information system. With this process, access security is not optimal because a password can be stolen via hacking. In addition, there is the biometric system which is among the reliable methods for authenticating a person. Biometric access has the advantage of limiting the risks of theft as well as the risks linked to theft. This is the case of the fingerprint which is a more reliable control system than a badge.
Authorization phase
Once the user has been identified and authenticated, it is time for the data exploitation authorization phase. For this, it is the administrator who defines the person having the right of access to data. This was applied with the aim of optimally securing resources. If the company uses a biometric reader in this way, the authenticated and authorized user must follow the security requirements indicated by the administrator.
Traceability phase
Traceability is a step whose aim is to fight against usurpations of rights. Indeed, access to computer data must be used in a legal manner but not for malicious purposes. To do this, traceability records all information about the use of data, including the IP address, connection duration and even the date.
What are the types of logical access control?
The type of access control is chosen according to the specific needs of companies:
- Discretionary access control or DAC involves determining control policies. It is carried out by the administrator.
- Mandatory access control allows users to access resources using only the information provided.
- Role-based access control relies on access to data based on the user’s position. Here, resources are considered essential for their functions.
- Attribute-based access control is done based on a set of attributes.