Access Control
 
In short, access control refers to the means by which a user can successfully gain access to a service, which is available through a wireless (or fixed) Local Area Network (LAN) or Wide Area Network (WAN). Numerous methods are used to ensure that you are an authorized user. For example, Remote Authentication Dial-in User Service (RADIUS) is a de facto industry standard protocol, which is used to verify users of a particular service through a centralized database such as a Network Access Server (NAS); usernames and passwords are crosschecked with the database to ensure that the user is authorized. A NAS may include a Virtual Private Network (VPN) or a wireless Access Point (AP), but typically, in a larger organization, the NAS may be integral to a central server.
Additionally, a RADIUS-enabled service may track users logging in or off and may also track what they have been doing. In some configurations this method of tracking may be used to charge access time for a particular service.
The RADIUS server is not limited to the authorization of usernames and passwords; it is also capable of assigning Internet Protocol (IP) addresses and a range of other configuration parameters, such as Domain Name System (DNS) addresses, subnet masks and so on. In particular, a RADIUS server may run alongside the Dynamic Host Configuration Protocol (DHCP), which is used to assign users unique IP addresses, and, prior to the assignment of an IP address, the RADIUS server can be used to employ additional verification procedures. In doing so, the RADIUS protocol can request that the device reveal its Media Access Control (MAC) address, which is a unique identifier assigned to all types of network-capable equipment, such as a cellular phone or a computer. Once a user has been verified with a username and password, further verification can be made by crosschecking the device's MAC address.
In essence, if the device is not on the list of authorized devices, then the user will not be allowed to continue to use the service; however, this does bring us on to our next topic. How would an unauthorized user gain access to a username and password? Perhaps the user overheard or read the username and password or, more likely, used a wireless sniffer or similar equipment to eavesdrop on the data that initially establishes a connection between a client and server. In the opening dialogue between a client and server, a hacker can intercept configuration parameters and commands, and this information can be sufficient for the hacker to hijack the session. Furthermore, the hacker may be capable of issuing their own commands to conceal the unauthorized access from the host; in turn, the hacker can fool the host into granting access to its services.
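The two-stage check described above (username and password first, then the device's MAC address against a list of authorized devices) can be sketched on the server side as follows. This is an added example, not code from the original article or from any RADIUS product. It assumes the NAS reports the MAC in the Calling-Station-Id attribute and sends the password in the RFC 2865 User-Password attribute; the function names, the shared secret and the sample packet builder are all constructed for illustration.

```python
import hashlib
import hmac

USER_NAME, USER_PASSWORD, CALLING_STATION_ID = 1, 2, 31  # RFC 2865 attribute types

def xor_blocks(data, secret, authenticator, decode):
    """RFC 2865 password hiding: XOR 16-byte blocks with MD5(secret + previous ciphertext)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        mask = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(data[i:i + 16], mask))
        prev, out = (data[i:i + 16] if decode else res), out + res
    return out

def parse_access_request(packet):
    """Return (request authenticator, {attribute type: value}); ValueError if malformed."""
    length = int.from_bytes(packet[2:4], "big")
    if len(packet) < 20 or packet[0] != 1 or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = {}, 20
    while pos < length:
        a_len = packet[pos + 1] if pos + 1 < length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs[packet[pos]] = packet[pos + 2:pos + a_len]
        pos += a_len
    return packet[4:20], attrs

def normalize_mac(raw):
    """Canonical 12 lowercase hex digits, or None when the value is not a MAC address."""
    digits = raw.translate({ord(c): None for c in "-:."}).lower()
    return digits if len(digits) == 12 and set(digits) <= set("0123456789abcdef") else None

def authorize(packet, secret, users, allowed_macs):
    """Check the password first, then crosscheck the reported MAC against the device list."""
    authenticator, attrs = parse_access_request(packet)
    user = attrs.get(USER_NAME, b"").decode("utf-8", "replace")
    hidden, stored = attrs.get(USER_PASSWORD, b""), users.get(user)
    sent = xor_blocks(hidden, secret, authenticator, True).rstrip(b"\0")
    if stored is None or not hidden or len(hidden) % 16 or not hmac.compare_digest(sent, stored):
        return "reject: credentials"
    mac = normalize_mac(attrs.get(CALLING_STATION_ID, b"").decode("ascii", "replace"))
    return "accept" if mac in allowed_macs else "reject: device"

def build_request(user, password, mac, secret, authenticator=bytes(range(16))):
    """Constructed sample packet; a real client uses a random 16-byte authenticator."""
    hidden = xor_blocks(password + b"\0" * (-len(password) % 16), secret, authenticator, False)
    fields = ((USER_NAME, user), (USER_PASSWORD, hidden), (CALLING_STATION_ID, mac))
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in fields)
    return bytes([1, 7]) + (20 + len(attrs)).to_bytes(2, "big") + authenticator + attrs
```

Only the password is hidden in the request; the user name and the reported MAC are readable to anyone capturing it, so the device list supplements the password check rather than replacing it.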