Ethical Hacking – C1

Objectives: Ethical Hacking – Access Control

ETHICAL HACKING

Chapter 1
Class materials & practical tasks
Prepared by: MWALA-LEARN

Learning Objectives

  1. Explain the concepts of identification, authentication, and authorization (AAA).
  2. Understand access control models to manage system access.
  3. Describe mechanisms to enforce access control policies.
  4. Explain Single Sign-On (SSO) to simplify login management.
  5. Monitor logs to detect unauthorized access attempts (practical).
  • AAA is the foundation of network security: it ensures the right users access the right resources at the right time.
  • Access control models (RBAC, DAC, MAC, ABAC) help define structured permissions.
  • Practical lab exercises: Check authentication logs, configure access permissions, test SSO login.

Access Control – Introduction

Access Control is the method of deciding who is allowed to access what in a computer system, network, or application. It controls:

  • Who can use the system
  • What they can do
  • Which resources they can access
  • Example: Corporate intranet allows HR staff to see salaries, IT to manage servers, and students to access grades.
  • Practical: Use chmod and chown commands to control file permissions.

Why Access Control is Important

  • Protects sensitive information
  • Stops unauthorized users from accessing the system
  • Prevents data theft
  • Ensures only the right people can perform certain actions
  • Real-life analogy: Bank vault access is restricted to authorized personnel only.
  • Practical: Test unauthorized login attempts to see access denied.

Access Control Techniques – Intro

Access control techniques ensure that only authorized people can use or view certain data, helping protect an organization’s information from theft, modification, or misuse.

  • Example: A Google Drive folder shared only with certain emails.
  • Practice: Experiment with sharing settings and audit who can view/edit.

Components of Access Control

1. Identification – Claiming Identity

Users provide unique identifiers like username, ID number, email, or IP address to claim their identity.

  • Example: Entering email address before logging in.
  • Practical: Check system logs to see how the system records IDs attempting login.

2. Authentication – Proving Identity

Authentication verifies that the claimed identity is true using credentials like password, PIN, or biometrics.

  • Example: Entering password for Gmail login or fingerprint unlock on phone.
  • Practical: Configure multi-factor authentication (MFA) for enhanced security.

3. Authorization – Granting Permissions

Authorization defines what a verified user can access or perform.

  • Example: Student can view grades but cannot modify them.
  • Practical: Create users with different permissions in Linux using usermod and groups.

Access Control Models

Models define how permissions and rules are created to control access.

Discretionary Access Control (DAC)

The data owner decides who can access or modify resources. Example: A file owner grants read/write access.

  • Real-life analogy: Your home locker – you decide who gets the key.

Mandatory Access Control (MAC)

Access is enforced by the system; users cannot change permissions. Resources carry security labels such as Confidential, Secret, and Top Secret.

  • Real-life analogy: Military classified documents only accessible with clearance.

Role-Based Access Control (RBAC)

Permissions are assigned based on roles. Example: Students, Teachers, Admins.

  • Practical: Use Linux groups to simulate roles.

Attribute-Based Access Control (ABAC)

Access depends on attributes such as time, device, and location. Example: Payroll access only during office hours from company devices.

  • Practical: Configure ABAC policies in cloud environments (AWS IAM conditions).

Access Control Mechanisms

Practical tools to enforce policies: OS permissions, IAM, ACLs, smart cards, biometrics, and audit logs.

Purpose
  • Prevent unauthorized access
  • Protect confidentiality, integrity, and availability (CIA)
  • Ensure least privilege
  • Track activities for auditing

Enforcement Methods
  • Software controls: OS, IAM, ACLs
  • Hardware: Smart cards, biometric scanners
  • Continuous monitoring and audit logs

Role          Action                   Mechanism
Admin         Install software         RBAC
Teacher       Upload course materials  RBAC
Student       View assignments         RBAC
Exam Officer  Access during exam       ABAC
IT Security   Review logs              Auditing
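
The table above combines role grants, an attribute condition and auditing; this added example (not part of the original class material) puts the three into one deny-by-default check. The action names, the 09:00-12:00 exam window and the managed-device attribute are assumptions made for illustration.

```python
from datetime import time

# Role -> permitted actions, from the Role / Action / Mechanism table above.
ROLE_PERMISSIONS = {
    "Admin": {"install_software"},
    "Teacher": {"upload_course_materials"},
    "Student": {"view_assignments"},
    "Exam Officer": {"access_exam"},
    "IT Security": {"review_logs"},
}

# Constructed exam window; the table only says "during exam".
EXAM_START, EXAM_END = time(9, 0), time(12, 0)

def during_exam_on_managed_device(ctx):
    """ABAC condition: request time inside the window, from a managed device."""
    t = ctx.get("time")
    in_window = t is not None and EXAM_START <= t < EXAM_END
    return in_window and ctx.get("managed_device") is True

# Actions that need attribute checks on top of the role grant.
ATTRIBUTE_RULES = {"access_exam": during_exam_on_managed_device}

AUDIT_LOG = []   # each decision is recorded for later review (auditing)

def is_allowed(role, action, context=None):
    """Deny by default: the role must grant the action, then attributes must pass."""
    allowed = action in ROLE_PERMISSIONS.get(role, set())
    rule = ATTRIBUTE_RULES.get(action)
    if allowed and rule is not None:
        allowed = rule(context or {})
    AUDIT_LOG.append((role, action, "ALLOW" if allowed else "DENY"))
    return allowed

if __name__ == "__main__":
    ctx = {"time": time(10, 0), "managed_device": True}
    print(is_allowed("Exam Officer", "access_exam", ctx))
    print(AUDIT_LOG)
```

An unknown role, a missing attribute, or a request outside the window all end in DENY, and the denial is still written to the audit trail.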

Single Sign-On (SSO)

Definition: Login once and access multiple applications without re-entering credentials.

  • Example: Google account login gives Gmail, Drive, Calendar access.
  • Practical: Test SSO login in Microsoft Azure or Okta sandbox.

How SSO Works
  1. User logs into Identity Provider (IdP)
  2. IdP verifies credentials
  3. IdP issues session token
  4. Connected apps accept token
  5. User gains seamless access

Security Practices
  • Enable MFA
  • Use HTTPS and secure tokens
  • Set session timeouts
  • Review inactive accounts
  • Monitor logs
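
The five-step flow above, as an added sketch that is not part of the original class material. It assumes a single HMAC key shared by the IdP and its apps in place of a real SAML or OpenID Connect deployment; the user, password, key and app names are constructed.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values. Assumption: the IdP and its apps share one HMAC key.
IDP_KEY = b"constructed-demo-signing-key"
SALT = b"constructed-salt"
USERS = {"student": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)}

def _sign(body: bytes) -> bytes:
    return hmac.new(IDP_KEY, body, hashlib.sha256).hexdigest().encode()

def idp_login(user, password, apps, ttl=900, now=None):
    """Steps 1-3: verify credentials, then issue a signed token that expires."""
    given = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    if not hmac.compare_digest(USERS.get(user, b""), given):
        return None                                   # authentication failed
    now = time.time() if now is None else now
    claims = {"sub": user, "aud": list(apps), "exp": int(now) + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return (body + b"." + _sign(body)).decode()

def app_accepts(token, app_name, now=None):
    """Step 4: an app trusts the token only if signature, audience and expiry pass."""
    try:
        body, sig = token.encode().split(b".")
    except (AttributeError, ValueError, UnicodeError):
        return None                                   # malformed token
    if not hmac.compare_digest(_sign(body), sig):
        return None                                   # forged or modified token
    claims = json.loads(base64.urlsafe_b64decode(body))
    now = time.time() if now is None else now
    if app_name not in claims["aud"] or now >= claims["exp"]:
        return None                                   # wrong app or session timed out
    return claims["sub"]                              # step 5: user is signed in

if __name__ == "__main__":
    token = idp_login("student", "correct horse", ["mail", "drive"])
    print(app_accepts(token, "mail"), app_accepts(token, "payroll"))
```

The `exp` claim is the session timeout from the practices list: once it passes, every connected app rejects the token and the user must sign in at the IdP again.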

Monitoring Logs to Detect Unauthorized Access

  • Authentication logs: /var/log/auth.log (Linux)
  • System logs: unexpected account changes
  • Application logs: unusual file or DB access
  • Firewall logs: blocked IPs, port scans
  • SIEM tools: Splunk, QRadar, Wazuh

Signs of Unauthorized Access
  • Multiple failed logins → brute force
  • Login from unknown locations
  • Access outside working hours
  • Privilege escalation
  • Unusual data download

Response Actions
  • Disable affected account
  • Change passwords
  • Notify security team
  • Block suspicious IPs
  • Audit and document findings

Log Example (Linux)
$ sudo cat /var/log/auth.log
Dec  1 08:22:13 host sshd[12345]: Failed password for invalid user admin from 192.0.2.5 port 59212 ssh2
Dec  1 08:22:16 host sshd[12345]: Accepted password for student from 198.51.100.12 port 60422 ssh2
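
The signs listed above can be checked mechanically against sshd entries like the two in the log example. The following is an added example, not part of the original class material; the 3-failure threshold, the 07:00-19:00 working hours and the extra log lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Lines 1 and 4 are the page's own log example; the other lines are constructed.
SAMPLE_LOG = """\
Dec  1 08:22:13 host sshd[12345]: Failed password for invalid user admin from 192.0.2.5 port 59212 ssh2
Dec  1 08:22:14 host sshd[12345]: Failed password for invalid user root from 192.0.2.5 port 59213 ssh2
Dec  1 08:22:15 host sshd[12345]: Failed password for student from 192.0.2.5 port 59214 ssh2
Dec  1 08:22:16 host sshd[12345]: Accepted password for student from 198.51.100.12 port 60422 ssh2
Dec  1 08:22:19 host sshd[12345]: Accepted password for student from 192.0.2.5 port 59215 ssh2
Dec  2 02:40:09 host sshd[12399]: Accepted password for teacher from 203.0.113.7 port 40110 ssh2
"""

LINE_RE = re.compile(
    r"^\w{3}\s+\d+ (?P<hour>\d{2}):\d{2}:\d{2} \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def parse(log_text):
    """Yield (hour, result, user, ip) for each sshd password event; skip other lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield int(m["hour"]), m["result"], m["user"], m["ip"]

def detect(log_text, max_failures=3, work_hours=range(7, 19)):
    """Flag brute-force sources, successes after failures, and off-hours logins."""
    failed = defaultdict(list)            # source IP -> usernames it failed against
    alerts = []
    for hour, result, user, ip in parse(log_text):
        if result == "Failed":
            failed[ip].append(user)
            continue
        if failed.get(ip):                # same source failed earlier, now it is in
            alerts.append(("success_after_failures", user, ip))
        if hour not in work_hours:
            alerts.append(("off_hours_login", user, ip))
    for ip, users in failed.items():
        if len(users) >= max_failures:
            alerts.append(("brute_force", ip, len(users)))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

A success that follows failures from the same source is the alert to triage first, since it maps directly to the "disable affected account" and "change passwords" response actions.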

Summary & Practical Notes

  • AAA ensures identity verification, permissions, and accountability.
  • RBAC, DAC, MAC, ABAC models define structured access control.
  • SSO reduces password fatigue, but requires careful security practices.
  • Log monitoring is critical to detect breaches early.
  • Always test access control, authentication, and auditing in a lab environment before deploying.

Reference Book: N/A

Author name: SIR H.A.Mwala Work email: biasharaboraofficials@gmail.com