Access controls are the security features that block or control the ability of a user or system to communicate and interact with another system. Access controls manage access to computers systems, networks, Web servers, extranets, and a variety of other systems and devices. Access controls protect systems from unauthorized access and in most cases determine what levels of authorization are appropriate for a user or system that has been previously validated by an authentication system.

Access control starts with a logon procedure that attempts to identify and validate a user. The user provides some unique credentials such as a password, but fingerprint, voice, or eyeball scanning devices may also be used. A more common access control option is a smart card, which displays a unique access number that the user enters, along with some remembered logon information.

The easiest time for hackers to break into a system is during the logon process. Weak passwords, such as dog's names, are easily guessed by malicious users. Passwords should contain a combination of uppercase and lowercase characters such as "Qp&yTx." However, these are easy to forget, so "acronym passwords" are useful. For example, the complex password "Mbiot4oJ" is derived from "My birthday is on the 4th of July."

Network administrators can usually implement workstation and time restrictions (depending on the operating system) to prevent user access to specific systems at specific times of the day. For example, an administrator can restrict a user from logging on to all computers except the one in their office or from logging on to any computer after closing time. This prevents users from working on unsupervised systems or during off hours. The reason for this is to prevent users from performing illegal activities like downloading the customer database and carrying it out the door.

During logon, the system being accessed may do one of the following:

• It may run its own authentication procedure, comparing the user-supplied information with information it has stored in its own security databases.


• It may hand off the authentication to a security server that handles all network authentications.

The latter method is the most secure because user IDs and passwords are stored on a server that is presumably in a secure physical location where it is professionally managed. The first is less secure because the computer itself holds the security information, which could be hacked by someone who gains physical access to the system.

This topic continues in "The Encyclopedia of Networking and Telecommunications" with the following topics: