Describe the protocols to control access to information
Assessment
Report
AUTHENTICATION
AUTHORISATION
ACCOUNTING - Meaning, who accessed the file and on what date and/or time
Protocols
authentication
authorisation
accounting
Think of these protocols like the security measures at an exclusive concert or event. There are steps to make sure only the right people get in and that we know what they do once they're inside.
What it Is: Authentication is the process of verifying who you are.
How It Works: When you show up at the event, the security guard asks for your ID or ticket to confirm that you are indeed the person who should be attending.
Examples in Tech: This usually involves entering a username and password. More secure systems may use two-factor authentication (2FA), where you have to enter a code sent to your phone or use a fingerprint scanner.
What it Is: Authorisation determines what you can do or see once you're authenticated.
How It Works: After confirming your identity, the security guard might give you a wristband that lets you into certain areas of the event but not others. VIP guests might get special access, while general admission has limitations.
Examples in Tech: In computer systems, this could involve permissions settings. For example, a regular employee might not have access to sensitive HR files, but a manager would.
What it Is: Accounting keeps track of what you do once you're in the system.
How It Works: Imagine there are cameras at the event recording who goes where and what they do, or a logbook where activities are noted down. This helps in case something goes wrong or if there's a need to review actions.
Examples in Tech: Systems often keep logs that record when users log in, what files they access, and any changes they make. This is crucial for detecting unauthorized activities and is often reviewed as part of security audits.
These three protocols—Authentication, Authorization, and Accounting—often come together in a security model known as AAA (Triple A), and they work in sequence:
First, you authenticate to prove who you are.
Next, you're authorized, which determines what you can and can't do.
Finally, the system keeps track of your activities through accounting.
By understanding and implementing these protocols, you can create a more secure environment that ensures only the right people have access to the information they need, and there's a record of what happens for accountability.
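The AAA sequence described above, as an added Python example that is not part of the original lesson: a request is authenticated, then authorised, and every outcome (including denials) is written to an accounting log with the user, the file and a timestamp. The user names, passwords, file paths and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

def hash_password(password, salt):
    # Slow, salted hash so the stored value does not reveal the password
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: two users, their roles, and per-role permissions
_SALTS = {"alice": os.urandom(16), "bob": os.urandom(16)}
USERS = {
    "alice": {"role": "manager", "pw": hash_password("correct horse", _SALTS["alice"])},
    "bob": {"role": "employee", "pw": hash_password("battery staple", _SALTS["bob"])},
}
PERMISSIONS = {
    "manager": {"hr/salaries.xlsx", "shared/handbook.pdf"},
    "employee": {"shared/handbook.pdf"},
}
AUDIT_LOG = []  # accounting: who accessed what, when, and with what outcome

def record(user, resource, outcome):
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user, "resource": resource, "outcome": outcome,
    })
    return outcome

def authenticate(user, password):
    entry = USERS.get(user)
    if entry is None:
        return False
    # Constant-time comparison avoids leaking how many bytes matched
    return hmac.compare_digest(entry["pw"], hash_password(password, _SALTS[user]))

def authorise(user, resource):
    # Permissions hang off the role, not the individual user
    return resource in PERMISSIONS.get(USERS[user]["role"], set())

def access(user, password, resource):
    # AAA in sequence; failed attempts are logged as well as successes
    if not authenticate(user, password):
        return record(user, resource, "denied:authentication")
    if not authorise(user, resource):
        return record(user, resource, "denied:authorisation")
    return record(user, resource, "granted")
```

Logging the denials matters as much as logging the grants: repeated "denied:authentication" entries for one account are the kind of pattern a security audit looks for.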