Scribd
Upload
152 views12 pages

Individual Assignment: Prepared By: Tigist Woldesenbet

This document discusses and compares logical and physical access controls. Logical access controls use tools like passwords and authentication to restrict access to digital resources. Physical access controls use policies and devices like locks, badges, and turnstiles to control access to physical areas. While both aim to restrict unauthorized access, logical controls operate through software and physical controls restrict physical entry points. The document also notes some advantages of modern access control systems over traditional key-based systems.

Uploaded by

Robel Yacob
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

Topics covered

  • Access Control in Network Secu…,
  • Access Control in Risk Managem…,
  • Physical Access Control,
  • Access Control in Systems,
  • Access Control in Security Fra…,
  • Authorization,
  • Security Policies,
  • Access Control in Security Man…,
  • Access Control in Enterprises,
  • Access Control in Cybersecurit…
152 views12 pages

Individual Assignment: Prepared By: Tigist Woldesenbet

This document discusses and compares logical and physical access controls. Logical access controls use tools like passwords and authentication to restrict access to digital resources. Physical access controls use policies and devices like locks, badges, and turnstiles to control access to physical areas. While both aim to restrict unauthorized access, logical controls operate through software and physical controls restrict physical entry points. The document also notes some advantages of modern access control systems over traditional key-based systems.

Uploaded by

Robel Yacob
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

Topics covered

  • Access Control in Network Secu…,
  • Access Control in Risk Managem…,
  • Physical Access Control,
  • Access Control in Systems,
  • Access Control in Security Fra…,
  • Authorization,
  • Security Policies,
  • Access Control in Security Man…,
  • Access Control in Enterprises,
  • Access Control in Cybersecurit…

[Date]

Individual
Assignment
Prepared by: Tigist Woldesenbet

ID: fill in
HP
Contents
Introduction...........................................................................................................................................2
Logical Access Controls....................................................................................................................4
Physical Access Control....................................................................................................................6
Comparision.............................................................................................................................................8
Summary..................................................................................................................................................9
Bibliography..........................................................................................................................................10
Introduction
This research is about two types of access controls. But, before we dig into the
types of access controls we need to have ample information about access controls.

What are access controls?


Security is an important priority for organizations of all sizes and industries. If you
work with pricey equipment or confidential data, safeguarding your company’s
assets is crucial for success. Whether your employee roster has 10 people or 10,000
people on it, an access control system can facilitate their needs – and deny access
to people who aren’t on the list.

Access control is a method of security that can regulate who views or uses
resources – thus, minimizing the potential risk of a business.

Application of security policies for computers and their systems and procedures
leads into the mechanism of access control. The fundamental goal of any access
control instrument is to provide a verifiable system for assuring the protection of
information from unauthorized or inappropriate access, as outlined in one or more
security policies. Generally, this translation from security policy to access control
implementation is dependent on the nature of the policy and involves the inclusion
of confidentiality and integrity. There are two primary types of systems: logical
and physical.

WHAT ARE THE COMPONENTS OF ACCESS CONTROL?

Any physical or logical access control system has five main parts:

1. Authentication. This is the act of proving the identifying of the user. This


might involve verifying the authenticity of a website’s digital certificate,
validating a form of ID, or comparing login credentials to stored data.
2. Authorization. This specifies whether a staff member has access to certain
resources.

3. Access. After a person is authenticated and authorized, they are allowed to


access the resource.

4. Manage. The system can add or remove the authorization and authentication


of systems or users. There are some systems that streamline the management
process by syncing with Azure Active Directory or G Suite.

5. Audit. This is used to enforce the “least privilege” principle – essentially,


audits minimize the risk of users having access to resources that they no
longer need.

Modern access control systems have many new different components.

MODERN ACCESS CONTROL SYSTEMS COMPONENTS & PARTS

Access control management systems increase their convenience and reliability by


combining various technologies. Here are some components they may have:

Reader: To read a fob or keycard, the door needs to have a reader. There are
several kinds – for instance, wireless, standalone, and IP readers.

Electric Locks: Typically, access control systems use magnetic locks, electric
strikes, or wired mortise locks. There can also be an electrified push bar, which
comes in handy if there is a fire.

Door Sensors: Contact sensors and motion sensors will be able to understand the
door’s status – is it open? Closed? Has there been motion nearby?
Video Surveillance: Some smaller businesses may use wired DVR systems, while
modern businesses may have IP cameras connected to an NVR.

Video Intercoms: You may have a single- or multi-unit intercom; this depends on
whether you need to call a single party or multiple ones. Intercoms may also have
audio, video, dial-in, or touch screen configuration.

PIN Pad: These are used for convenient access – however, this comes with the
drawback of PINs being shared among users. Sometimes the pad is located on the
lock or installed as a standalone pad.

Access Control Panel: A standard panel is the center of controls that connects all
doors to the Internet. It will trigger the dogs to unlock under “correct” scenarios.

Push to Exit Button: This button ensures that anybody can leave the area if there is
an emergency.

Power Supplies: A good supply is of great importance; if the power were to fail,
the door could unexpectedly unlock.

This paper is mainly going discuss about the two types of access control.
Logical Access Controls

Logical access control tools are used for credentials, validation, authorization, and
accountability in an infrastructure and the systems within. These components
enforce access control measures for systems, applications, processes, and
information. This type of access control can also be embedded inside an
application, operating system, database, or infrastructure administrative system.

Logical access controls are the features of your system that enable authorized
personnel access to resources. To many folks, distinguishing between logical
access control and I&A is confusing. Logical access controls are those controls that
either prevent or allow access to resources once a user’s identity already has been
established. Once a user is logged in, they should have access only to those
resources required to perform their duties. Different user groups usually have
access to different resources, which ensures a separation of duties.

Simply, Logical access control tools are used to restrict access to data and
software. 

Examples of that include:

 Using a password to sign into a laptop

 Unlocking your phone with a thumbprint scan or a selfie

 Accessing an employer’s internal network remotely via VPN

In such cases, the software is used to grant access to users who need certain digital
information
On the 44th volume of THE COMPUTER JOURNAL it states:

“The effectiveness of an access control mechanism in implementing a security


policy in a centralized operating system is often weakened because of the large
number of possible access rights involved, informal specification of security policy
and a lack of tools for assisting systems administrators. Herein we present a logical
foundation for automated tools that assist in determining which access rights
should be granted by reasoning about the effects of an access control mechanism
on the computations performed by an operating system. We demonstrate the
practicality and utility of our logical approach by showing how it allows us to
construct a deductive database capable of answering questions about the security of
two real-world operating systems. We illustrate the application of our techniques
by presenting the results of an experiment designed to assess how accurately the
configuration of an access control mechanism implements a given security policy.”
Physical Access Control

Physical access control uses a set of policies to control who can enter a physical
area. Physical access control systems play a central role in the protection of critical
infrastructures, where both the provision of timely access and preserving the
security of sensitive areas are paramount. 
Some real-world kinds of physical access control include:

 Subway turnstiles

 Club bouncers

 Badge/card scanners

 Customs agents

In all of the examples mentioned above, a device or a person is using policies to


determine who gains access to a restricted physical area.

Physical access controls, whether they be gates, locked doors, mantraps, turnstiles,
or any of a number of other mechanisms, can potentially cause a great deal of
trouble for the breakers. When such systems are properly maintained and the set of
policies accompanying them that govern their use is followed, they can be very
difficult to defeat.

But this physical access control has many demerits to it.

Mechanical keys are the most rudimentary physical access control method – and
many smaller companies use them. However, mechanical keys have limitations,
especially as an organization grows. Here are the disadvantages that come with
using keys instead of an access control system.

1. You can lose keys. If an employee loses a key, you’ll need to replace the
lock so that the lost key won’t be used by somebody who should haven’t
access to the restricted location. After that, you will have to give new keys to
anybody who does need access.

2. No audit trails. There is no way for you to keep track of who has used a key
to enter an area, or at what time.

3. Difficult to manage. If somebody needs to gain access to lots of different


rooms and buildings, they will need several keys – at a certain point, this can
be very inconvenient.

So let’s compare.

The line is often unclear whether or not an element can be considered a physical or
a logical access control. When physical access is controlled by software, the chip
on an access card and an electric lock grants access through software, which
should be considered a logical access control. That being said, incorporating
biometrics adds another layer to gain entry into a room. This is considered a
physical access control. Identity authentication is based on a person’s physical
characteristics. The most common physical access controls are used at hospitals,
police stations, government offices, data centers, and any area that contains
sensitive equipment and/or data.

There are various shortcomings of existing approaches to the administration of


physical access control in complex environments. At the heart of the problem is the
current dependency on human administrators to reason about the implications of
the provision or the revocation of staff access to an area within these facilities. We
demonstrate how utilizing Building Information Models (BIMs) and the
capabilities they provide, including 3D representation of a facility and path-
finding, may reduce the incidents of errors made by security administrators.

In many cases, a physical access control is merely a front end for a logical system.
If the logical system can be breached, it is easy to attack physical control.

So let us also see the demerits of a logical control system.

Access control systems can be hacked. When a system is hacked, a person has
access to several people's information, depending on where the information is
stored. Wired reported how one hacker created a chip that allowed access into
secure buildings, for example. Not only does hacking an access control system
make it possible for the hacker to take information from one source, but the hacker
can also use that information to get through other control systems legitimately
without being caught. Despite access control systems increasing in security, there
are still instances where they can be tampered with and broken into.
Summary
As we come to a conclusion, as important as physical access controls are, given
that clouds are managed over the network, limiting access controls to the physical
realm would be profoundly silly. No number of sophisticated multifactor physical
locks or high-resolution video cameras will prevent or record operations personnel
as they engage in their work managing network devices, servers, and storage
devices. The use of an identity system to define and manage access by personnel to
specific devices and functions is an effective way to centralize access control data.
But logical controls alone are not ample to limit access to servers and other cloud
infrastructure. The use of network isolation between different realms within the
cloud infrastructure will go a long way toward not only limiting the reach of a
hacker, but isolation will also limit the scope that authorized operations personnel
have. Putting it differently: Security controls form the lowest layer of protection,
and network isolation provides a second protection mechanism. These reinforce
each other and provide a degree of insurance against ham handing configuration in
either realm.
Bibliography

 The Computer Journal, Volume 44, Issue 2, 2001, Pages 137–149


 Lauren Collins, in Cyber Security and IT Infrastructure Protection, 2014
 Articles from https://recfaces.com/articles/access-control#1
 www.sciencedirect.com
 Cyberspace Safety and Security pp 236-250
 Thomas Wilhelm, Jason Andress, in Ninja Hacking, 2011
 Derrick Rountree, Ileana Castrillo, in The Basics of Cloud Computing, 2014
 Thomas Norman, in Electronic Access Control, 2012

THANK YOU! THE END

Common questions

Powered by AI

Logical access controls are primarily designed to restrict access to data and software, managing credentials, validation, authorization, and accountability within systems and infrastructures. They control access at the software or system level, allowing users to access only necessary resources to perform their duties, often using tools like passwords, thumbprint scans, or VPNs . On the other hand, physical access controls regulate entry to physical spaces using policies and mechanisms like turnstiles, badge scanners, and locks. Their objective is to protect physical infrastructure and sensitive areas by ensuring only authorized individuals can enter . Both types serve to enforce security policies but focus on different aspects of access and protection.

The document identifies several challenges in implementing security policies for access control within centralized operating systems. One major challenge is the large number of potential access rights, which complicates the configuration and management of the security settings. Informal specifications of security policies can lead to ambiguities and inconsistencies in implementation. Additionally, the lack of tools to assist systems administrators in determining appropriate access rights adds to the difficulty in maintaining effective security controls, thereby weakening the overall effectiveness of the access control mechanisms . Addressing these challenges requires developing automated logical tools that can assist in validating and configuring access rights to align with defined security policies more accurately.

A hacked logical access control system can have severe implications. When such a system is compromised, unauthorized individuals can gain access to sensitive information stored within, which poses significant security risks. A hacked system allows the hacker to bypass controls, gaining unauthorized entry to restricted resources and potentially leveraging this access to penetrate other systems or areas without detection. This breach can lead to data theft, privacy violations, and further unauthorized access across interconnected systems. The document cites an example where a hacker's chip enabled unauthorized access into secure buildings, highlighting the vulnerabilities inherent in reliance on logical access systems without adequate protection or monitoring measures .

Incorporating biometrics into an access control system affects its classification by adding a layer of physical security to what might otherwise be a purely logical system. Biometrics, which authenticate identity based on physical characteristics like fingerprints or facial recognition, serve as a bridge between physical and logical access control. Although biometrics themselves are a physical identifier, their integration within a system often uses software for validation and authorization, thus making the overall system a hybrid of both physical and logical components. This dual classification arises because, while the physical attribute (a fingerprint) is necessary to gain access, the processes controlling access (managed through software) blur the line between the two types of systems .

The document suggests that relying solely on physical access control for network security is inadequate because physical measures alone cannot protect the digital aspects of network infrastructure. As networks, especially cloud-based ones, are managed over the network, operations personnel require access to devices for management purposes. Physical controls cannot prevent unauthorized access or record digital interactions that might compromise network security. Furthermore, sophisticated digital threats and hacking cannot be deterred or audited with physical-only measures. Effective access control for network security requires a combination of both physical and logical controls, integrating identity systems and network isolation to mitigate risks and enhance overall protection .

Modern access control systems enhance convenience and reliability by integrating various technological components. Key components include readers for keycards or fobs, electric locks, and door sensors that determine whether a door is open or closed. Video surveillance systems, intercoms, and PIN pads are also used to verify identities and facilitate access control. The access control panel manages connections and triggers such as unlocking doors under correct scenarios. Furthermore, power supplies provide backup to ensure systems continue to operate, even in emergencies . These components work together to create a more secure, efficient, and manageable access control environment.

The document suggests utilizing Building Information Models (BIMs) to minimize errors made by human administrators in physical access control. BIMs provide a 3D representation of facilities and include pathfinding capabilities, which help in planning and managing access paths more accurately and efficiently. This technology can reduce human error by providing a visual and analytical tool to administrators, allowing for more precise decisions regarding the provision and revocation of access to physical areas, thereby enhancing the overall security management of complex environments .

Mechanical keys are a rudimentary form of physical access control and present some advantages and disadvantages. Advantages include simplicity and a low-cost option for securing physical areas without the need for technological infrastructure. However, the disadvantages are significant: if a key is lost, the lock must be replaced to keep unauthorized individuals from gaining access, leading to inconvenience and additional cost. Keys also lack an audit trail, making it impossible to track who entered an area and when. Additionally, managing multiple keys can become cumbersome, especially if access is needed across various rooms or buildings .

Video intercoms and video surveillance both serve important, but distinct, functions within modern access control systems. Video intercoms provide real-time interaction, enabling communication between parties to verify identity before granting access. Intercoms, which may include audio or touch screen configurations, allow for secure, immediate decision-making based on visual and auditory identification. On the other hand, video surveillance passively monitors and records activity, often used for post-incident analysis and ongoing security monitoring. While video surveillance is crucial for documenting entrances and ensuring compliance with security protocols, video intercoms actively manage and control access, providing a proactive layer of security management .

Network isolation plays a critical role in reinforcing security by acting as a secondary layer of protection beyond traditional security controls. It segments the network into distinct zones, limiting the reach and scope of potential intrusions. Network isolation reduces the risk of a successful attack spreading through multiple network realms, containing potential breaches more effectively. This separation helps mitigate risks associated with logical access control breaches, as it limits unauthorized access to critical areas despite system compromise. The document emphasizes that network isolation supports security controls, providing an additional assurance layer against configuration mishaps or unauthorized access .

You might also like