With the existence of too many malware and even ransomware nowadays, you can never be too careful or too lax in handling or managing your accounts, especially when it comes to network or computer security. So that we can have a better grasp of the value or difference of having our accounts or content protected, let’s define and look at each of the words that encompass & gives meaning to security & protection.
Before proceeding to the detailed descriptions of each term that offers safety for us, we must first need to know that there are two main objectives in having a truly secured computer or network environment, and they are as follows: (1) Preventing or keeping out unauthorized persons from gaining access to our resources, and (2) Making sure that only authorized persons can access the resources they need.
There are basically various components involved in being able to achieve these goals. Assigning access permissions to resources is one that specifies which users may or may not have to access those resources and under what circumstances - for instance, you may want a specific user or group to have access when logged on from a computer that is physically on-site but not from a remote dial-up connection. Yet, it may only work if you can verify the identity of the user who is attempting to access the resources. So, this is where authentication comes in.
We will look at the role played by authentication, authorization, & encryption in a network security plan through this article - and determine the difference of each essential component to help us achieve the security we need.
AUTHENTICATION
A crucial element of a typical security model, it is the process of confirming the identification of a user or a machine <in some cases> who’s trying to log on or access resources. Various authentication mechanisms exist today, but they all serve the same purpose.
- It is used by a server when it needs to know exactly who is trying to get their information or login to the site.
- It may also be used by a client in knowing if the server is a system that it claims to be.
- Authentication works in both ways, the user or computer has to prove its identity to the server or client.
- Authentication by a server usually entails utilization of a username & password. Other means to authenticate can be through cards, retina scans, voice recognition, and fingerprints.
- On the other hand, authentication by a client involves the server giving a certificate to the client in which a trusted third party such as Verisign or Thawte states that the server belongs to a bank(a sample entity) that the client expects it to.
- It cannot determine what tasks the individual can do or what files the individual can see. Authentication merely identifies and verifies who the person or system is.
AUTHORIZATION
After verifying the user’s identity (authentication), authorization then verifies that the user in question has the correct permissions & rights to access the requested resource. As you have probably realized by now, these two work together - authentication happens first then authorization.
- This is a process in which the server determines if the client has permission to use a resource or access any file.
- Authorization works hand-in-hand with authentication so that the server has some concept of who the client is that is requesting for access.
- Authentication types needed for authorization may vary - passwords may be required in some cases but not in others.
- Authentication by a server usually entails utilization of a username & password. Other means to authenticate can be through cards, retina scans, voice recognition, and fingerprints.
- There are exceptional cases that have no authorization - any user may utilize a resource or gain access to a file simply by asking for it. Most web pages on the Internet require no authentication or authorization.
ENCRYPTION
This involves the process of transforming data so that it is unreadable by anyone who does not have the decryption key.
- The Secure Shell (SSH) and Socket Layer (SSL) protocols are typically used in encryption processes. The SSL drives the secure part of “https://” sites used on e-commerce sites such as e-Bay and Amazon.com.
- All information in SSL transactions is encrypted between the client (browser) & the server (web server) before the data is transferred between the two.
- Every data in SSH sessions is encrypted between the client & the server when communicating at the shell.
- By encrypting the information exchanged between the client and the server, data such social security numbers, credit card numbers, & home addresses can be sent over the Internet with less risk of being intercepted during transit.
On a daily basis, we use authentication, authorization & encryption most of the time. A good example for this is - booking and taking an airplane flight.
- Encryption is used when a person buys their ticket online at one of the many sites that advertise affordable tickets. Upon finding the perfect flight at an ideal price, a person goes to buy the ticket. Encryption is used to protect a person’s credit card and personal information when it is sent over the Internet to the airline. The company encrypts the customer’s data so that it will be safer from an interception in transit.
- Authentication works when the traveler shows his or her ticket & driver’s license at the airport so he/she can check in his/her bags and receive a boarding pass. Airports need to authenticate that the person is the right one and has purchased a ticket before giving the boarding pass.
- Authorization happens when a person shows the boarding pass to the flight attendant so he/she can board the plane where he’s supposed to be flying on. The flight attendant must authorize a person so that person can get inside the plane & use the resources to fly from one place to the other.
Here are a few examples of where encryption, authentication, and authorization are used by computers
- Encryption is used whenever people are giving out personal data to register for something or buy a product. This ensures the person’s privacy during the transaction. Encryption is likewise used when the data returned by the server to the client should be protected, such as a financial statement or test results.
- Authentication is applicable whenever you want to know exactly who is using or viewing your site. Web login is Boston University’s primary method of authentication. While other commercial websites such as Amazon.com require people to log in before buying products so they know exactly who their buyers are.
- Authorization is used whenever you want to control viewer access of certain pages. Ex., Boston University students are not authorized to view certain web pages for professors and administration. The authorization requirements for a site are typically defined in a website’s .htaccess file.
- Authentication & Authorization are often used together. Like having the students at Boston University to authenticate before accessing the Student Link. It then determines what data they are authorized to see. The authorization step prevents students from seeing data of other students.
To learn more about the three elements of computer security & protection, visit our site at foneapi.com or leave your comments below & we’ll get back to you for further details.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.