Access control is a technique for limiting access to an organization's IT resources. A company may implement two types: physical and logical.
Physical access control limits access to physical infrastructure such as campuses, buildings, rooms and physical IT assets. Logical access control enforces measures for systems, processes, computer networks, system files and data.
In today’s era of technology, companies should follow security practices to protect their infrastructure from different types of security attacks such as man-in-the-middle attacks, DDoS attacks, session hijacking, SQL injection and many more.
Types of Access Control
- Discretionary Access Control (DAC)
- Mandatory Access Control (MAC)
- Role-Based Access Control (RBAC)
An organization can choose the type of access control system according to the nature of its business, the security procedures it follows and the number of users on the system.
Access Control Practices
- Make sure each employee has their own username and password. Users must not share their credentials using email or sticky notes, which may result in the compromise of the organization's security system.
- Organizations must use their HR systems as the authoritative source of data for the identity and access management system.
- Implement a single, integrated approach to manage employees’ identities.
- Permissions should be assigned to roles rather than to individuals.
- Companies should regularly audit their security checks/rules to make sure that they are current.
- Conduct training and awareness programs for the employees of the organization.
- The HR manager should revoke credentials and access to systems and data from the global directory when an employee moves into a different job internally or leaves the organization.
- The organization can use products such as security event management and security information management with capabilities for auditing and reporting events.
- Companies can use directory services to authenticate and authorize users and entities and to enable them to connect to computer resources such as distributed applications and web servers. Many protocols are also used for this purpose, such as the Security Assertion Markup Language (SAML).
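
As an added example (not part of the original article), the Python below shows one way to automate the audit described in the practices above: it treats the HR roster as the authoritative source and flags enabled directory accounts of leavers, accounts with no HR record, roles left over after an internal move, and permissions granted directly to an individual instead of through a role. All employee ids, role names and permission strings are constructed sample data.

```python
from dataclasses import dataclass, field

# Constructed sample data; all ids, roles and permission names are hypothetical.
ROLE_PERMISSIONS = {  # RBAC: permissions attach to roles, not to people
    "engineer": {"repo:write", "ci:run"},
    "finance": {"ledger:read", "ledger:write"},
    "support": {"tickets:write"},
}
HR_ROSTER = {  # authoritative source: employee id -> (status, current role)
    "e100": ("active", "engineer"),
    "e101": ("active", "support"),   # moved internally from finance
    "e102": ("terminated", None),    # left the organization
}

@dataclass
class Account:
    employee_id: str
    enabled: bool
    roles: set = field(default_factory=set)
    direct_permissions: set = field(default_factory=set)

DIRECTORY = [  # constructed directory export
    Account("e100", True, {"engineer"}, {"ledger:read"}),
    Account("e101", True, {"finance", "support"}),
    Account("e102", True, {"engineer"}),
    Account("e999", True, {"support"}),
]

def audit(roster, directory, role_permissions):
    """Return sorted (employee_id, finding) pairs where the directory drifts from HR."""
    findings = []
    for acct in directory:
        if not acct.enabled:
            continue  # already revoked
        status, hr_role = roster.get(acct.employee_id, ("unknown", None))
        if status != "active":
            reason = "no HR record" if status == "unknown" else "leaver"
            findings.append((acct.employee_id, f"{reason}: disable account"))
            continue
        for role in sorted(acct.roles - {hr_role}):
            # Permissions the stale role grants beyond the employee's current HR role
            lost = sorted(role_permissions.get(role, set()) - role_permissions.get(hr_role, set()))
            findings.append((acct.employee_id, f"stale role {role}: revoke {lost}"))
        for perm in sorted(acct.direct_permissions):
            findings.append((acct.employee_id, f"direct grant {perm}: assign via a role"))
    return sorted(findings)

if __name__ == "__main__":
    for employee_id, finding in audit(HR_ROSTER, DIRECTORY, ROLE_PERMISSIONS):
        print(employee_id, "-", finding)
```

Running a check like this on a schedule, and feeding its findings into the event reporting tool, covers the regular-audit practice as well.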
Useful tools for managing it
- Apache Directory
- 389 Directory Server
- AWS Directory Services
- LDAP Account Manager
- ManageEngine AD360