Identification, Authentication, and Authorization Techniques

Published on December 2016

Enrique Roca
IS3230
7-10-15

Unit 1 Assignment 1.1 Identification, Authentication, and
Authorization Techniques
There are numerous techniques that the Information Technology industry can use to
substantiate an entity's identity, authenticate that entity, and provide the
appropriate authorization for that entity to access a network's resources. Many
diverse techniques are available to accomplish this task.
First of all, we need to define exactly what authentication is. Authentication is the ability to
verify the identity of a user or a computer system on a computer network. (Barker, 2013)
Authentication can take many forms or variations, depending on the
requirements outlined in the Security Policy published by the business. Most commonly these
would include one-, two-, or three-factor configurations to verify the identity of the person
requesting access to a resource. If everything associated with the authentication factors is valid
and correct for the claimed identity, it is then assumed that the accessing person is who they
claim to be. (Stewart, 2011) Some of the most common authentication factors are
something you know, such as a password; something you have, such as a smart card; and
something you are, such as a fingerprint.
Identification is the act of claiming an identity using just one authentication factor, and
authentication is the act of proving a claimed identity using one or more authentication factors.
In its simplest form, identification means the requestor of a resource enters a user
identifier such as an e-mail address or some other form of user ID. Two-factor authentication is when
two different authentication factors are used to prove one's identity. Multi-factor authentication is just
what it sounds like: two or more authentication factors must be used to verify a person's
identity. That being said, single-factor authentication uses only one method of authentication.
Two-factor authentication can also be considered multi-factor because it uses more than one
factor to verify the identity.
The mechanism by which users are granted or denied the ability to interact with and use
resources is known as access control. Access control is often referred to using the term
authorization. Authorization defines the type of access to resources that users are granted,
and it is typically the step directly after authentication. (Stewart, 2011) Typically
there are three types of access control for a resource: mandatory access control
(MAC), discretionary access control (DAC), and role-based access control (RBAC), all of which are
widely used in today's industry.
There are several ways to restrict access to the company's resources, and these are simply the
basics of how someone would initially gain access to the network or resource. For a security
administrator at a business entity, it all comes down to just a few questions: who,
what, when, where, why, and how. Each of these must be taken into account when designing
the authorization system. (Ballad, 2011) One key principle that all security managers must
implement is the Principle of Least Privilege. Simply put, where users are concerned, least
privilege states that a user should be granted only the minimal privileges necessary to perform
their work and accomplish a specific task.
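
The sequence described above (identification, then authentication with distinct factor types, then role-based authorization under least privilege) is sketched here as an added example that is not part of the original essay. The user record, card ID, role names, and permission strings are constructed for illustration, and comparing a stored card ID stands in for a real possession check.

```python
import hashlib
import hmac
import os
from enum import Enum

class Factor(Enum):
    KNOW = "something you know"   # e.g. a password
    HAVE = "something you have"   # e.g. a smart card
    ARE = "something you are"     # e.g. a fingerprint (no verifier here, so it fails closed)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data (assumptions for illustration only).
_SALT = os.urandom(16)
USERS = {"alice@example.com": {"salt": _SALT, "pw_hash": hash_password("correct horse", _SALT),
                               "card_id": "CARD-0001", "role": "helpdesk"}}
# RBAC: each role carries only the permissions its work needs (least privilege).
ROLE_PERMS = {"helpdesk": {"ticket:read", "ticket:update"},
              "admin": {"ticket:read", "ticket:update", "user:delete"}}

def authenticate(user_id, presented, required_factors=2):
    """Return the user record if enough distinct factor types verify, else None."""
    user = USERS.get(user_id)  # identification: the claimed identity
    if user is None:
        return None
    verified = set()
    if Factor.KNOW in presented:
        candidate = hash_password(presented[Factor.KNOW], user["salt"])
        if hmac.compare_digest(candidate, user["pw_hash"]):
            verified.add(Factor.KNOW)
    if Factor.HAVE in presented:
        # Simplification: a real smart card proves possession cryptographically.
        if hmac.compare_digest(presented[Factor.HAVE].encode(), user["card_id"].encode()):
            verified.add(Factor.HAVE)
    # Reject if any presented factor failed or too few distinct types verified.
    if len(verified) != len(presented) or len(verified) < required_factors:
        return None
    return user

def authorize(user, permission):
    """Default deny: allow only what the authenticated user's role explicitly grants."""
    return user is not None and permission in ROLE_PERMS.get(user["role"], set())

if __name__ == "__main__":
    creds = {Factor.KNOW: "correct horse", Factor.HAVE: "CARD-0001"}
    alice = authenticate("alice@example.com", creds)
    print(authorize(alice, "ticket:read"), authorize(alice, "user:delete"))
```

Because the presented credentials are keyed by factor type, two passwords can never count as two factors, which matches the requirement that two-factor authentication use two different factors.
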
In conclusion, unless a company wants to allow anyone and everyone unrestricted access to its
resources, there must be a set of checks and balances in place to restrict access. This
restriction takes the form of Identification, Authentication, and Authorization to company
resources, implemented with the principle of least privilege.

Works Cited
Ballad, B. B. (2011). Access Control, Authentication, and Public Key Infrastructure. Burlington:
Jones & Bartlett Learning.
Barker, K. (2013). CISCO Official Certification Guide. Indianapolis, Indiana, USA: Cisco Press.
Stewart, J. M. (2011). CompTIA Security+. Indianapolis: Sybex.
