Nowadays, the computer system is an inseparable part of a company's organization. By handling confidential data, the latter is obliged to secure them to prevent physical or logical entities from accessing the computer data. Logical access control is a solution to limit the action of users in terms of computer security. What are the essential elements to know about logical access control? Here are some ideas for answers.
Logical access control definition
In companies, we often hear about what is called access control. There are two main types of access control: physical access control, which is based on managing access to buildings and premises, and logical access control, which limits access to computer networks and data. Logical access control is defined as a system to secure access to an information system. For a high level of security, many companies use these two means of access which are entirely complementary. Moreover, the CNIL or Commission Nationale de l'Informatique et des Libertés advises the use of various means of identification for a maximum level of security.
What are the components of logical access control?
Logical access control is a practical and reliable security system that aims to verify a person's right to access computer data. According to the AAA protocol, it is divided into three distinct elements: authentication, authorization and traceability. Authentication is a step that requires access through a password. As for authorization, it allows an authorization to analyze the data. For traceability, it concerns the collection of information on the use of the data.
Authentication phase
The authentication stage is not an identification stage. It is based on a verification between identity and proof of identity. For this, there are several authentication methods used by companies, namely the system with password. It is linked to an identifier that allows access to the information system. With this method, the security of access is not optimal because a password can be stolen through hacking. In addition, the biometric system is one of the reliable methods of authenticating a person. Biometric access has the advantage of limiting the risks of usurpation and theft. This is the case of the fingerprint which is a more reliable control system than a badge.
Authorization phase
Once the user has been identified and authenticated, it is time to authorize the use of the data. For this, it is the administrator who defines the person who has the right to access the data. This is done in order to optimally secure the resources. If the company uses a biometric reader, the authenticated and authorized user must follow the security requirements specified by the administrator.
Traceability phase
The traceability is a step whose goal is to fight against the usurpations of right. Indeed, the access to computer data must be used in a legal way but not with a malicious purpose. For this purpose, the traceability records all the information about the use of the data, in particular the IP address, the duration of the connection or the date.
What are the types of logical access control?
The type of access control is chosen according to the specific needs of the company:
- Discretionary access control or DAC is the determination of control policies. It is performed by the administrator.
- Mandatory access control allows users to access resources only with the information provided.
- Role-based access control is based on access to data based on the user's position. Here, resources are considered essential for their functions.
- Attribute-based access control is based on a set of attributes.
