Firewalls | VPNs | Content Security | Authentication and Authorisation | Intrusion Detection and Prevention | Application Optimisation | Wired and Wireless Networking
Authentication and Authorisation
Authentication is about proving someone (or something) is who (or what) they say they are. It takes place after identification of the person or thing (commonly referred to as the subject). Authentication is a critical component of Access Control, itself one of the key components of an organisation's Security Architecture.
There are many ways to authenticate a subject, including:
- Biometrics - such as retina scan, hand print, iris scan or fingerprint
- Passwords - static passwords, one-time passwords
- Passphrases - typically much longer than a password
- Token Devices and Smart Cards - these offer two-factor authentication (something you have and something you know) and are considered more secure
- Cryptographic Keys - such as Digital Certificates
Once the subject has been authenticated, then authorisation takes place. Authorisation is about specifying the privileges a subject is allowed with the resource that is being protected. If authorisation rules have not been properly defined and implemented, then people may have the ability to do things that they should not be permitted to do. e.g. view or delete a colleague's HR files or change payroll data.
Authentication and Authorisation are components of Access Control (or Access Management). It is imperative for all organisations to consider their approach to Access Control. We can help by guiding you through the creation of a high-level access control policy, and subsequently by choosing the right solutions to implement the policy within your organisation.
Network Surety have experience of Public Key Infrastructures (PKIs), Centralised Access Control systems (e.g. TACACS+ or RADIUS), Two-Factor Authentication and Single-Sign-On solutions to meet your Remote Access, Internal, External and 3rd Party Authentication/Authorisation needs.