8. The Means of Cybersecurity: Access Control

“Whence and what art thou, execrable shape! / That darest, though grim and terrible, advance / Thy miscreated front athwart my way / To yonder gate? Through them I mean to pass— / That be assured—without leave asked of thee.”
- Satan to Hell’s gatekeeper Death in Paradise Lost by John Milton

“Unauthorized access” is the key phrase used in most definitions of cybersecurity and in cybercrime laws. Cybersecurity is primarily concerned with controlling access to computers and data. Therefore, access control, or monitoring and controlling access to computer systems and data, is the means of cybersecurity. Access control mechanisms are designed to make sure that the appropriate people, and only the appropriate people, have access to the resources they need. Failures of access control occur when people obtain access to computing resources they are not authorized to use, view, or modify.

Access control is made up of three interrelated components: authentication, authorization, and accounting. These are typically referred to by the acronym AAA—the second most important acronym in cybersecurity behind CIA. Authentication asks the question, “Are you who you say you are?” Authorization asks the question, “Are you allowed to do that?” And accounting is a record of who did what when. These three components work together to control and monitor access to computer systems and data. This chapter covers each part of access control in turn.

8.1 Authentication

“Who in the world am I? Ah, that’s the great puzzle.”
- Alice’s Adventures in Wonderland by Lewis Carroll