Cyber Security: Authentication and Authorisation

Authentication and authorisation are two vital information security processes that administrators use to protect systems and information. Both of them are important to CIA Confidentiality. Authentication verifies the identity of a user or service, and authorization determines their access rights.

Authentication

Authentication is the process of determining that someone is who they claim to be by verifying their identity. For example, if you want access to your online bank account, you are required to fill out your details, which are then checked against a specific database. If the submitted data matches, you are granted system access.

Another example of authentication is when two devices are in different locations, such as when you work at home and your laptop logs in to the work server. Through authentication, the two devices can establish a level of trust, and you can connect to the server.

Authorisation

Authorisation is the process of granting someone permission to do something or to access a certain resource. For this to happen, the authentication step must have been completed. The 'level of access' is then ascertained from data files, and the user then has access to files at that level of trust. This access permission can be granted by a person or an automated system.

Authorization is usually done with the goal of preventing unauthorized access to resources. For example, you may be authorised to use standard apps at your job, but you might not be authorised to use some applications reserved only for admins. To get access to restricted areas you have to be authorised, for example through a privileged access management system that assigns you limited privileged permissions.

Authentication vs. authorization
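The two checks described above can be kept as separate steps in code. The sketch below is an added example, not code from the original page: the user store, role names, resource names and the functions `authenticate` and `authorise` are all hypothetical, and the sample accounts are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import NamedTuple, Optional

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so the store never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "role": role}

# Constructed sample data: the "database" that credentials are checked against.
USERS = {
    "alice": _make_user("correct horse", "admin"),
    "bob": _make_user("tr0ub4dor", "staff"),
}

# Constructed sample data: the "level of access" granted to each role.
PERMISSIONS = {
    "staff": {"standard_app"},
    "admin": {"standard_app", "admin_console"},
}

class Session(NamedTuple):
    user: str
    role: str

def authenticate(username: str, password: str) -> Optional[Session]:
    """Authentication: return a Session only if the credentials match the store."""
    record = USERS.get(username)
    # Hash even for unknown names so response time does not reveal valid accounts.
    salt = record["salt"] if record else b"\0" * 16
    candidate = _hash(password, salt)
    if record and hmac.compare_digest(candidate, record["hash"]):
        return Session(username, record["role"])
    return None

def authorise(session: Optional[Session], resource: str) -> bool:
    """Authorisation: deny by default; requires a completed authentication step."""
    if session is None:
        return False
    return resource in PERMISSIONS.get(session.role, set())
```

A caller that passes the result of a failed `authenticate` straight into `authorise` is still denied, because the authorisation check treats a missing session as no access.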