Access Controls: What is it and how can it be undermined?

We have stoplights on city streets, and locks on the doors of our homes. What these things have in common is that they are access controls. The world of computer security is very much the same in that it employs various ways to limit access..... Ideally in a computer network environment the security applied to it should be transparent to the end user. After all it is the job of the system administrator or security person to make the life of the end user as simple and secure as possible. That is after all what many of us are paid for. We cannot simply shrug off security as being an end user problem.

To that end there is a plethora of measures that can be put into place to safeguard the often soft internal network. Some of them are obvious, and some of them not so obvious. One of the most commonly used access controls is the simple username and password combination. This method has all of the well chronicled issues affecting it such as brute forcing and poor password policies. A far better method is to use what is called “two factor authentication”. Access Controls: What is it and how can it be undermined?

Linked by shanmuga Thursday, 15th December 2005 9:06PM