Access control is divided into physical access control and logical access control. Physical access control covers the requirements for users, equipment, doors, locks and the security environment stipulated in the standard, while logical access control is implemented at the data, application, system, network and permission levels.
The operating environment of this article: Windows 7 system, Dell G3 computer
What are the classifications of access control?
Access control can be divided into two levels: physical access control and logical access control. Physical access control meets the requirements of users, devices, doors, locks, and security environments stipulated in the standard, while logical access control is implemented at the data, application, system, network, and permission levels.
Access control technology prevents unauthorized access to any resource, so that the computer system is used only within its legal scope. It restricts a user's access to certain information items, or use of certain control functions, according to the user's identity and the defined group to which the user belongs. For example, the UniNAC network access control system is built on this technology.
Access control is usually used by system administrators to control users' access to network resources such as servers, directories, files, etc.
The concept and elements of access control
Access control refers to the methods by which a system restricts the use of data resources according to the user's identity and the predefined policy groups to which the user belongs. It is usually used by system administrators to control users' access to network resources such as servers, directories, files, etc. Access control is an important basis for system confidentiality, integrity, availability and legal use. It is one of the key strategies for network security prevention and resource protection. It is also the different kinds of authorized access that a subject has to an object itself or its resources, based on certain control policies or permissions.
The main purpose of access control is to restrict the access subject's access to the object, thereby ensuring that data resources can be effectively used and managed within the legal scope. In order to achieve the above purpose, access control needs to complete two tasks: identify and confirm the user accessing the system, and determine what type of access the user can have to a certain system resource.
Access control includes three elements: subject, object and control policy.
(1) Subject S (Subject). The entity that makes a specific request to access a resource. It is the initiator of an operation, but not necessarily the executor of that operation. It may be a user, or it may be a process, service, device, etc. started by the user.
(2) Object O (Object). Refers to the entity of the resource being accessed. All information, resources, and objects that can be manipulated can be objects. The object can be a collection of information, files, records, etc., or it can be a hardware facility on the network, a terminal in wireless communication, or even another object.
(3) Control strategy A (Attribution). The collection of access rules that govern subjects' access to objects, that is, a collection of attributes. An access policy embodies an authorization behavior and is also the object's default for certain operational behaviors of the subject.
Function and principle of access control
The main functions of access control are: ensuring that legitimate users can access the protected network resources they are authorized for, preventing illegal subjects from entering the protected network resources, and preventing legitimate users from making unauthorized access to protected network resources. Access control first requires verifying the legitimacy of user identities, and at the same time using control policies for selection and management. After the user's identity and access rights are verified, it is also necessary to monitor unauthorized operations. Therefore, the content of access control includes authentication, control policy implementation and security audit.
(1) Authentication. This covers the subject's identification of the object and the object's inspection and confirmation of the subject.
(2) Control strategy. By setting a reasonable set of control rules, we ensure that users can use information resources legally within the scope of authorization. It is necessary not only to ensure reasonable use by authorized users, but also to prevent illegal users from intruding into the system and leaking important information resources. At the same time, legal users must not exercise functions or reach access scope beyond their authority.
(3) Security audit. The system can automatically conduct systematic and independent inspection and verification of relevant activities or behaviors in the computer network environment based on the user's access rights, and make corresponding evaluations and audits.
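The three elements (subject, object, control policy) and the three functions (authentication, control policy implementation, security audit) fit together as in the following added example, which is not part of the original article. The class and method names, the group-based grant table, and the users and paths are all assumptions constructed for illustration.

```python
import hashlib, hmac, os
from dataclasses import dataclass
@dataclass(frozen=True)
class Subject:                      # a user, or a process/service acting for one
    name: str
    groups: frozenset               # predefined policy groups it belongs to

class ReferenceMonitor:
    def __init__(self):
        self._creds, self._groups = {}, {}   # name -> (salt, key); name -> groups
        self._policy = {}                    # (group, object) -> allowed actions
        self.audit_log = []                  # (subject, action, object, decision)

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def enroll(self, name, password, groups):
        salt = os.urandom(16)
        self._creds[name] = (salt, self._kdf(password, salt))
        self._groups[name] = frozenset(groups)

    def grant(self, group, obj, actions):
        self._policy.setdefault((group, obj), set()).update(actions)

    def _record(self, name, action, obj, ok):
        self.audit_log.append((name, action, obj, "ALLOW" if ok else "DENY"))
        return ok

    def authenticate(self, name, password):
        # Authentication: confirm identity before any policy decision.
        salt, key = self._creds.get(name, (b"\0" * 16, b""))
        ok = hmac.compare_digest(self._kdf(password, salt), key)
        self._record(name, "login", "-", ok)
        return Subject(name, self._groups[name]) if ok else None

    def check(self, subject, action, obj):
        # Control policy: default deny; allow only on an explicit group grant.
        ok = any(action in self._policy.get((g, obj), ()) for g in subject.groups)
        return self._record(subject.name, action, obj, ok)

    def denied(self):  # Security audit: attempts that failed authentication or policy
        return [e for e in self.audit_log if e[3] == "DENY"]

def demo():                          # constructed user, group and object
    rm = ReferenceMonitor()
    rm.enroll("alice", "constructed-pw-1", {"finance"})
    rm.grant("finance", "/srv/ledger.db", {"read"})
    return rm
```

Because every decision passes through `_record`, the audit trail captures failed logins and over-privileged requests by legitimate users alike, which is the monitoring of unauthorized operations described above.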