Homework Wk 3
This week we learned that the fundamental components of an IT security system are, authentication and authorization. I will start with authentication. “Authentication is the process of establishing Whether a client is valid in a particular context”. (Security Fundamentals by WebSphere) Authentication means that you gather any unique information for the client, which could be a machine, end-user, or an application. There are three groups used to gather unique information. the knowledge base group deals with passwords and usernames. the key-based group is based on encryption keys key cards or physical keys. the last major group is biometric which involves the usage of DNA fingerprints or voice patterns. These can be used by themself or multiple together as a group. For example, you may log on to a computer system with a key card but also need to have a 4 digit pin to finish the login process. Every computer system uses some sort of authentication to be able to use it. The most basic of these systems is a username and password. Even if you have an email address everyone has used this system in one way or another in their lives. Physical keys are a system that is becoming more widely used. A physical key could be a metal key that locks your computer or even an example is a smart card with a microprocessor or chip implanted in it that you use to log on to the computer. “Authorization is the process of checking whether the authenticated user has access to the requested resource.” (Security Fundamentals by WebSphere) There are two methods used for this, Access control list and capability list. The access control list is the list that is associated with users and what each one can do with the said resource. This process helps separate regular employees from managers and supervisors. For example, a regular security guard may not grant special access to a restricted area but the guard can call over the security manager that has the permissions to the program so that he can grant special access to the secured area. The capability list is the programs that hold the information and list of privileges for any said user. This list has the rights of the said user and how they can or cannot be carried out. These programs are an important part of any IT system and should always be kept up to date.
Carver, A.
Resources:
WebSphere Security Fundamentals, by Peter Kovari
http://www.redbooks.ibm.com/redpapers/pdfs/redp3944.pdf