From the course: CompTIA Network+ (N10-009) Cert Prep
Access control
- I've got a laptop right here, and it's got some resources on it that I want people to have access to. Eh, I might have some Word documents in a folder, some videos, whatever it might be. And because it's on a network, I want people from all over the network to be able to get to my laptop. Easy enough. But when we start talking about how we let people have access to stuff, primarily within the networking world, we run into authentication and authorization. Authentication basically means what does it take for you to get into the network, the system, the computer, the resource, whatever it might be. And when we're talking about this, we're talking about things like usernames and passwords, we're talking about certificates, we're talking about RSA tokens, we're talking about smart cards, retinal scanners, whatever it might be to allow the world to know that you are who you're supposed to be. Now, once we're in there though, so once we're authenticated, now it's, "Well, what can Mike do in there?" And that is where authorization comes into play. So make sure you understand the difference between authentication versus authorization.

Now, the cornerstone to pretty much everything that takes place in this process is something that we know generically as an access control list. Access control lists exist everywhere. On my computer, I have an access control list that's pretty much usernames and passwords and what people can do on folders. On my wireless network, I have an access control list that determines the password, channels, things like that. On my internet connectivity, I've got an access control list that blocks port numbers and things like that. So access control list is a very generic term, and we have to think very generically about this. So it could be all kinds of different things, but understand that there's almost always going to be some type of access control list when it comes to authentication and authorization.
Now, in particular, authorization is kind of interesting because over the years they've come up with a number of ways to do this. So what I'm going to do is I'm going to use folders as my analogy here. And there are three types of access control that you need to be aware of for the Network+. The first one is known as mandatory access control. In a mandatory access control world, you would put labels, like, for example, here's top secret, on an actual resource itself. And the label defined what you could or could not do on that particular resource. So it was pretty much either you could access the resource or not access it. So top secret, as you could tell, this came from the US military, so it's kind of an old fashioned way to do it. There was nothing wrong with mandatory access control other than it was a little bit limiting. So over the years, they came up with another type called discretionary access control. With discretionary access control, you can actually define the resource in lots of different ways. For example, you can put the term owner onto a user account. So Mike is the owner of this resource. Other people can be readers of the resource, other people can write to the resource, whatever it might be. But discretionary gives a little bit more flexibility than the old school mandatory access control. Now, this was good, but what we really do tend to use today more than anything else is role-based access control. So with role-based access control, we can finally use something called groups, yay. So with groups, what we can do is we can then create users, put the users into a group. Now pay attention here. And what we can do is we can assign rights and permissions to a group to define what it can do with a shared resource.
So if you take a look at, for example, Microsoft Windows and what they call their best practices, they have a mantra if you ever go for Microsoft certification, and we all have this memorized, and it's that users go into groups who then get rights and permissions to folders. So with role-based access control, we can use groups to provide all kinds of flexibility that we don't see with mandatory or discretionary access controls. So for the Network+, make sure you can memorize mandatory access control, discretionary access control, and role-based access control.
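The three models the lesson describes, written out as small Python policy checks so the differences are concrete. This is an added example, not course material: the users, clearances, roles and folder names are constructed sample data, and the MAC section uses the standard Bell-LaPadula "no read up / no write down" rules rather than the simple access-or-not description in the lesson.

```python
"""
Toy models of mandatory, discretionary and role-based access control.
Added example for the lesson above; not part of the course. All users,
labels, roles and folders below are constructed sample data.
"""
from dataclasses import dataclass, field

# ---- Mandatory access control (MAC) -------------------------------------
# Labels are set by policy, not by the resource owner. The ordering is an
# assumed military-style hierarchy; read uses Bell-LaPadula "no read up",
# write uses "no write down".
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


def mac_can_read(clearance: str, label: str) -> bool:
    """A subject may read an object only if its clearance dominates the label."""
    return LEVELS[clearance] >= LEVELS[label]


def mac_can_write(clearance: str, label: str) -> bool:
    """A subject may write only to objects at or above its own level."""
    return LEVELS[clearance] <= LEVELS[label]


# ---- Discretionary access control (DAC) ---------------------------------
@dataclass
class DacResource:
    """A folder whose owner decides, at their discretion, who gets what."""
    owner: str
    acl: dict = field(default_factory=dict)  # user -> set of permissions

    def grant(self, actor: str, user: str, perm: str) -> None:
        # Only the owner may change the ACL; anyone else is refused.
        if actor != self.owner:
            raise PermissionError(f"{actor} does not own this resource")
        self.acl.setdefault(user, set()).add(perm)

    def allows(self, user: str, perm: str) -> bool:
        return user == self.owner or perm in self.acl.get(user, set())


# ---- Role-based access control (RBAC) -----------------------------------
class Rbac:
    """Users go into roles (groups); roles get permissions on resources."""

    def __init__(self) -> None:
        self.user_roles: dict = {}   # user -> set of roles
        self.role_perms: dict = {}   # role -> {resource: set of permissions}

    def assign(self, user: str, role: str) -> None:
        self.user_roles.setdefault(user, set()).add(role)

    def permit(self, role: str, resource: str, perm: str) -> None:
        self.role_perms.setdefault(role, {}).setdefault(resource, set()).add(perm)

    def allows(self, user: str, resource: str, perm: str) -> bool:
        # Allowed if ANY of the user's roles carries the permission.
        return any(perm in self.role_perms.get(r, {}).get(resource, set())
                   for r in self.user_roles.get(user, set()))


def demo() -> dict:
    """Constructed scenario: Mike shares a folder under each model."""
    r = {}
    # MAC: Mike is cleared "secret"; one folder is "top secret", one "confidential".
    r["mac_reads_top_secret"] = mac_can_read("secret", "top secret")
    r["mac_reads_confidential"] = mac_can_read("secret", "confidential")
    r["mac_writes_confidential"] = mac_can_write("secret", "confidential")
    # DAC: Mike owns the folder and grants read to Alice; Bob gets nothing.
    folder = DacResource(owner="mike")
    folder.grant("mike", "alice", "read")
    r["dac_alice_reads"] = folder.allows("alice", "read")
    r["dac_alice_writes"] = folder.allows("alice", "write")
    r["dac_bob_reads"] = folder.allows("bob", "read")
    try:
        folder.grant("alice", "bob", "read")   # non-owner may not delegate
        r["dac_alice_can_grant"] = True
    except PermissionError:
        r["dac_alice_can_grant"] = False
    # RBAC: permissions attach to groups, users attach to groups.
    rbac = Rbac()
    rbac.permit("editors", "shared_docs", "read")
    rbac.permit("editors", "shared_docs", "write")
    rbac.permit("viewers", "shared_docs", "read")
    rbac.assign("alice", "editors")
    rbac.assign("bob", "viewers")
    r["rbac_alice_writes"] = rbac.allows("alice", "shared_docs", "write")
    r["rbac_bob_writes"] = rbac.allows("bob", "shared_docs", "write")
    r["rbac_bob_reads"] = rbac.allows("bob", "shared_docs", "read")
    rbac.assign("bob", "editors")   # role change, no per-user ACL edit
    r["rbac_bob_writes_after_promotion"] = rbac.allows("bob", "shared_docs", "write")
    return r


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:35} {ok}")
```

The point of the RBAC section is the last step: Bob gains write access by being moved into a group, without anyone touching the folder's permissions, which is exactly the "users into groups, groups onto folders" mantra. The DAC section shows the other side of "discretionary": the owner decides, and a non-owner cannot hand out access even to data they can read.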