Logical access control refers to the tools and protocols used in computer information systems for identity, authentication, authorization, and accountability.
What more does it involve when we talk about logical access control? Let us learn more in the following article.
What is Logical Access Control?
Logical access control comprises policies, procedures, and other activities that are part of the managerial control of an organization. It restricts the use of information to authorized individuals, groups, or organizations.
Moreover, it is a subset of security that deals with the processes used to restrict access to computer files and databases. This process includes authentication, authorization, and auditing.
Logical access control uses logical security measures to protect computer systems, data, applications, and services from unauthorized access.
Examples of Logical Access Control in Computer Security
Logical access control is extremely important for securing networks. The following are examples of logical access control within computer security:
Access Control List
Access control lists (ACLs) provide a method for controlling access to objects on a computer system. ACLs aim to protect operating system resources, including directories, files, and devices. An ACL is a list of users and groups, along with the permissions they have for an object, such as a file or directory. These permissions include read, write, execute, delete, list directory contents, and change permissions.
Authentication is the process of verifying that a user is who he or she claims to be. Also, authentication verifies that users are accessing the correct resources on the network using the proper methods.
Security relies on authentication to verify that users are truly who they say they are before granting them access to protected resources. Network authentication mechanisms include passwords, tokens, biometrics, security certificates, and public-key certificates.
Auditing is the process of recording activity in a computer system or network to monitor or maintain accountability of actions taken by users and/or processes acting on behalf of users.
Auditing also helps ensure compliance with information security policies and procedural requirements, such as rule-based standards like PCI DSS or industry standards like ISO 27002:2013 and NIST SP 800-53: 2009 (often referred to as “the 800 series”).
With the help of log monitoring and analysis software, IT and security professionals can identify security breaches as they occur and take action to minimize their effects.
Access Control Models
Access control models aim to control access to information systems or networks. They provide a set of rules that define the accessibility of objects (such as files, directories, and devices) based on the identity of users and groups.
There are three common access control models: ACL (Access Control List), RBAC (Role-Based Access Control), and MAC (Mandatory Access Control).
ACLs protect files or directories on a computer system from unauthorized access. In an ACL, users or groups are identified by their full names, e-mail addresses, user IDs, etc. Users have a list of permissions for each object. The permissions include read, write, execute, delete, list directory contents, and change permissions.
RBAC is a type of access control model in which users are assigned roles, and the roles carry the access rights, instead of each user being granted individual permissions.
Assigning RBAC roles simplifies the management of access rights because the role is an abstract entity rather than an individual user or group. For example, a role called “Sales” could be granted permission to read from a database table as well as create new records in the table. Then any number of users could be assigned the “Sales” role for access to that database table.
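The “Sales” role described above, as an added example that is not part of the original article: a Python role-based check that denies by default and records every decision so that actions stay accountable. The `RBAC` class, the `orders_table` object and the user names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class RBAC:
    role_perms: dict = field(default_factory=dict)  # role -> {(action, object)}
    user_roles: dict = field(default_factory=dict)  # user -> {role}
    audit_log: list = field(default_factory=list)   # one entry per decision

    def grant(self, role, action, obj):
        self.role_perms.setdefault(role, set()).add((action, obj))

    def assign(self, user, role):
        if role not in self.role_perms:
            raise KeyError(f"unknown role: {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def unassign(self, user, role):
        self.user_roles.get(user, set()).discard(role)

    def check(self, user, action, obj):
        # Deny by default: allow only if an assigned role carries the permission.
        via = sorted(r for r in self.user_roles.get(user, ())
                     if (action, obj) in self.role_perms.get(r, ()))
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "action": action, "object": obj,
            "decision": "allow" if via else "deny", "roles": via,
        })
        return bool(via)


def build_sales_policy():
    rbac = RBAC()
    # The "Sales" role from the text: read the table and create new records.
    rbac.grant("Sales", "read", "orders_table")    # constructed table name
    rbac.grant("Sales", "create", "orders_table")
    for user in ("alice", "bob"):                  # constructed users
        rbac.assign(user, "Sales")
    return rbac


def denied(rbac):
    # Denied requests are the entries a reviewer looks at first.
    return [(e["user"], e["action"], e["object"])
            for e in rbac.audit_log if e["decision"] == "deny"]
```

Removing a user from the role with `unassign` revokes that user's access without touching the permissions attached to the table, which is the management benefit the paragraph describes.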
In MAC systems, there is a separation between subjects and objects. Subjects are entities that need permission to act on an object. Objects are everything else in a computing environment, except for subjects and objects with which subjects interact directly (e.g., a keyboard or a monitor). Objects can contain other objects within them; this is called an object hierarchy or containment hierarchy.
Conclusion: Logical Access Controls in Security
Logical access controls are the policies, procedures, and other activities that are part of the managerial control of an organization. They restrict the use of information to authorized individuals, groups, or organizations.