You are on page 1of 5

In the fields of physical security and information security, access control (AC) is the selective

restriction of access to a place or other resource.[1] The act of accessing may mean consuming,
entering, or using. Permission to access a resource is called authorization. IT systems today
can
process and store a wide variety of information and provide access to it to a large
number of users. It is not unusual for a system in a large organization to contain some
information that must be accessible to all users, some that is needed by several groups
or departments, as well as some that should be accessed by only a few individuals.
Having information reside centrally on a system used by everyone contributes to cost
effective and efficient information sharing and processing.

Information residing on a system that is accessed by many users, however, can also
create problems. A significant concern is ensuring that users have access to
information that they need but do not have inappropriate access to information that is
sensitive. It is also important to ensure that certain items, though readable by many
users, can only be changed by a few.

Logical access controls are a means of addressing these problems. Logical access
controls are protection mechanisms that limit users' access to information and restrict
their forms of access on the system to only what is appropriate for them. Logical
access controls are often built into the operating system, or may be part of the "logic"
of applications programs or major utilities, such as Database Management Systems.
They may also be implemented in add-on security packages that are installed into an
operating system; such packages are available for a variety of systems, including PCs
and mainframes. Additionally, logical access controls may be present in specialized
components that regulate communications between computers and networks.

Some rudimentary forms of automated access controls have been available for many
years, but today there are increasingly sophisticated and cost-effective methods that
managers will find well worth investigating. This chapter will discuss some of the
advantages provided by logical access control and issues to be considered when
investigating logical access control. It will also provide an introduction to common
forms of logical access control available today.

The concept of access modes is fundamental to logical access control. The effect of
many types of logical access control is to permit or deny access by specific
individuals to specific information resources in specific access modes. An
introduction to the common access modes follows.
Read only: This provides users with the capability to view, copy, and usually print
information but not to do anything to alter it, such as delete from, add to, or modify it
in any way. Read- only accesses are probably the most widely allowed to data files on
IT systems.

Read and Write: Users are allowed to view and print as well as add, delete, and
modify information. Logical access control can further refine the read/write
relationship such that a user has read-only ability for one field of information but the
ability to write to a related field. An example would be a project Action Item program
that allows a user read-only ability for the assigned action items and permits responses
to be written in the space below an action item.

Execute: The most common activity performed by users in relation to applications


programs on a system is to execute them. A user executes a program each time he or
she uses a word processor, spreadsheet, database, etc. Users would not ordinarily be
given read or write capabilities for an application, however, since it would appear in a
format that is unintelligible to most users. It might be desirable, though, for software
programming specialists to be able to read and write applications.

Successfully refining, implementing, and managing these different access modes have
resulted in greatly improved information sharing, both for government and industry as
well as for the general public. There are systems, for example, referred to as public
access systems, whose purpose is to disseminate information to the public at large.
The ability to read from these systems, therefore, has been made widely available.
With logical access control, the crucial requirement of preserving the integrity of the
information being disseminated that is, protecting it against improper modification,
can be met while the information remains available for all to view.

Before logical access controls were widely available, physical access control was the
main means of protecting information on an IT system. Access to information was
controlled solely by controlling access to the system, for example, by keeping the
system in a locked room or having a guard on duty to restrict admittance to a facility.
Once logged onto a system, though, a user could generally access all of its data. In
some environments, this is not a problem. Physical access control may be sufficient in
environments where all users of a system need to access to all of the information on it
and need to perform all of the same types of accesses in relation to it (read it, add to it,
delete it, etc). In environments where not all information resources on a system should
be equally available to all users, a more precise control is necessary.
Logical access control can enhance the security provided by physical access control
by acting as an additional guard against unauthorized access to or use of the system's
resources. It can also augment physical access control by providing added precision,
since different users are able to perform different functions. An example would be a
team of scientists who all need access to up-to-the minute information in a field of
research. Everyone in the group could be given physical access to a system where the
information is being posted and the ability to read all information. Senior scientists
might also be able to add comments on the information, while perhaps only the head
of the research effort might be able to add and delete files.

Administration of Logical Access Controls


Audit

It is sometimes not possible to make logical access control as precise, or fine-grained,


as would be ideal for an organization. Given the difficulty of configuring logical
access controls in a complex IT system, there are may be occasions when a user is
inadvertently allowed access to resources he should not have. In some cases, users
will be granted access in case they need to act in someone's place. In addition, the
policy or rules governing access may change over time, and there is a window of time
between when the policy changes and when the logical access control system is
updated. The net result in these cases is that it is possible for users to abuse access
permissions they have. Automated auditing provides a source of information that can
be used to identify users who have abused their access permissions. Audit analysis can
perform such functions as checking accesses to very sensitive or critical resources, the
membership of very powerful groups, verifying the consistency of rights with roles,
and generating access violation reports.

Physical access control is a matter of who, where, and when. An access control system determines
who is allowed to enter or exit, where they are allowed to exit or enter, and when they are allowed to
enter or exit. Historically, this was partially accomplished through keys and locks. When a door is
locked, only someone with a key can enter through the door, depending on how the lock is
configured. Mechanical locks and keys do not allow restriction of the key holder to specific times or
dates. Mechanical locks and keys do not provide records of the key used on any specific door, and
the keys can be easily copied or transferred to an unauthorized person. When a mechanical key is
lost or the key holder is no longer authorized to use the protected area, the locks must be re-
keyed.[citation needed]
Electronic access control uses computers to solve the limitations of mechanical locks and keys. A
wide range of credentials can be used to replace mechanical keys. The electronic access control
system grants access based on the credential presented. When access is granted, the door is
unlocked for a predetermined time and the transaction is recorded. When access is refused, the
door remains locked and the attempted access is recorded. The system will also monitor the door
and alarm if the door is forced open or held open too long after being unlocked.[citation needed]

A cracker (also known as a black hat hacker) is an individual with extensive computer
knowledge whose purpose is to breach or bypass internet security or gain access to
software without paying royalties. The general view is that, while hackers build things,
crackers break things. Cracker is the name given to hackers who break into computers for
criminal gain; whereas, hackers can also be internet security experts hired to find
vulnerabilities in systems. These hackers are also known as white hat hackers. Crackers
motivations can range from profit, a cause they believe in, general maliciousness or just
because they like the challenge. They may steal credit card numbers, leave viruses, destroy
files or collect personal information to sell.
Crackers can also refer to those who reverse engineer software and modify it for their own
amusement. The most common way crackers gain access to networks or systems is
through social engineering, whereby the cracker contacts employees at a company and
tricks them into divulging passwords and other information that allows a cracker to gain
access.

Script kiddies
In programming and hacking culture, a script kiddie or skiddie[1] (other names include skid or script
bunny)[2] is an unskilled individual who uses scripts or programs developed by others to attack
computer systems and networks and deface websites. It is generally assumed that script kiddies are
juveniles who lack the ability to write sophisticated programs or exploits on their own and that their
objective is to try to impress their friends or gain credit in computer-enthusiast
communities.[3] However, the term does not relate to the actual age of the participant. The term is
generally considered to be pejorative.

Characteristics[edit]
In a Carnegie Mellon report prepared for the U.S. Department of Defense in 2005, script kiddies are
defined as
The more immature but unfortunately often just as dangerous exploiter of security lapses on the
Internet. The typical script kiddy uses existing and frequently well known and easy-to-find techniques
and programs or scripts to search for and exploit weaknesses in other computers on the Internet
often randomly and with little regard or perhaps even understanding of the potentially harmful
consequences.[4]
Script kiddies have at their disposal a large number of effective, easily downloadable programs
capable of breaching computers and networks.[3] Such programs have included remote denial-of-
service WinNuke,[5] trojans, Back Orifice, NetBus, Sub7,[6] and ProRat, vulnerability scanner/injector
kit Metasploit[7] and often software intended for legitimate security auditing.[8]
Script kiddies vandalize websites both for the thrill of it and to increase their reputation among their
peers.[3] Some more malicious script kiddies have used virus toolkits to create and propagate
the Anna Kournikova and Love Bug viruses.[1] Script kiddies lack, or are only developing,
programming skills sufficient to understand the effects and side effects of their actions. As a result,
they leave significant traces which lead to their detection, or directly attack companies which have
detection and countermeasures already in place, or in recent cases, leave automatic crash reporting
turned on.[9][10]

You might also like