What is access control?
What is access control?
A key component of data security
Access controls authenticate and authorize individuals to access the information they are allowed to see and use. Who should access your company’s data? How do you make sure those who attempt access have actually been granted that access? Under which circumstances do you deny access to a user with access privileges?
To effectively protect your data, your organization’s access control policy must address these (and other) questions. What follows is a guide to the basics of access control: What it is, why it’s important, which organizations need it the most, and the challenges security professionals can face
f18 biometric reader
F18 is an innovative biometric fingerprint reader for access control application. With high-performance firmware functions and compact design, it has become one of ZKTeco’s most popular devices. It is applied with ZKTeco’s latest firmware with user-friendly UI and flexible user privilege settings for multi-level management. The new hardware platform uses ZMM210 core-board with 1.2Ghz CPU. With optimization of both hardware platform and firmware, the new f18 is able to verify fingerprints with even higher efficiency. The device offers flexibility of both standalone installation and installation with any third-party access control panels which support standard Wiegand signal. TCP/IP and RS485 are also available which enable F18 to be applied in different network
f18 biometric reader
ZK9500, a latest optical fingerprint scanner, is developed by ZKTeco. It supports fingerprint detection and captures fingerprint image fast, with high resolution. The product is tiny in size and easy to perform fingerprint registration on the desktop. Low power consumption, it can be applies to Android tablet and mobile phone. We provide SDKs for customers to develop their own applications.
The facial recognition capability has reached a new height in the biometrics technology industry with a maximum of 50,000 facial templates, recognition speed of less than 0.3 sec per face, and ultimate anti-spoofing ability against almost all types of fake photos and videos attack.
ZKTeco is now presenting the uFace302 Plus Multi-Biometric T&A and A&C Terminal, which supports 3,000 palm templates, 3,000 face templates, 4,000 fingerprint templates, and 10,000 cards (optional).
It is equipped with ZKTeco's latest hardware platform and algorithm like 3-in-1 contactless palm recognition (Palm Shape, Palm Print and Palm Vein), so the terminal can perform bio-authentication with the palm vein, palm print, and the shape of the palm when the sensor detects a hand presented.
The terminal's touchless palm authentication method with a novel hand tracking technique allows angle tolerance as wide as +/-60° in the roll axis.
With the advanced palm and face algorithm and multi-biometric verification technology, users may enjoy the terminal's enhanced anti-spoofing ability and its significantly enhanced security level.
Zk Inbio 460 4 Door Fingerprint Card Access Control System carries out the matching of fingerprints on the panel, itself. The FR Series of readers transmit fingerprint templates to InBio via RS-485 for fast and accurate matching with templates stored in a data-base. InBio controllers install easily on your network and support both TCP/IP and RS-485 communication. Auto-discovery tool allows setting and modification of network parameters directly and easily.
InBio controller firmware can be upgraded in the field. InBio panels stores up to 3,000 fingerprint templates, 30,000 card users, and up to 100,000 events/transactions. InBio is backed up in real-time to an on-board SD card. Data is preserved if power is lost. InBio continues to operate if network connection is interrupted. Along with relay contacts for controlling door locks, easily programmable auxiliary relays can be used for additional control and interface to lights, alarms, annunciators, intrusion detection panels, or even extra locking devices or gate controllers.
InBio controllers come in three sizes to suit project needs and reduce the cost of unused capacity. 1-door, 2-door, and 4-door models can be mixed and matched in an optimized system architecture. Anti-Passback, First-Card Opening, Multi-Card Opening, Duress Password Entry, and Auxiliary Input/Output Linkages are built into the InBio controller’s firmware.
DS-K1201MF Fingerprint Reader
DS-K1201 Series Fingerprint and card reader, designed with a 32 bit high-speed processor, contains the optical fingerprint recognition module. It communicates with access controller via the RS-485 protocol. And a built-in tamper-proof module helps to protect the card reader from malicious damage. The protective level is IP65, which is suited for outdoor installation.
- Mifare Card Reader
- Multiple Authentication Modes (Card, Fingerprint, and Card + Fingerprint)
- Stores 5000 Fingerprints
- 12 VDC ± 10%
- -40° to 158° F (-40° to + 70° C)
- 10% to 90% (non-condensing)
- 2.44" × 5.20" × 1.73" (62 mm × 132 mm × 44 mm)
IP-Based Fingerprint Access Control Terminal
Hikvision’s DS-K1T201MF 1 Series optical IP-based fingerprint access control terminals feature multiple advanced technologies, including fingerprint recognition, face detection, Wi-Fi, smart card recognition, LCD display screen, and picture capturing technology.
- Terminal mode: Uplink (TCP/IP, Wi-Fi), downlink (RS-485), card reader mode: Uplink (Wiegand 26/34, RS-485)
- 256 MB storage
- Maximum 32 GB, built-in microSD card
- Door magnetic sensor x 1, alarm input x 2, tamper-resistant switch x 1, exit button x 1
- 12 VDC
- -4° to 149° F (-20° to 65° C)
- 10% to 90% (non-condensing)
- 4.8" × 5.6" × 1.1" (122 mm × 142 mm × 27 mm)
Face Recognition Terminal
The DS-K1T671M face recognition terminal is an access control device with a large screen ratio, which supports 1:N face authentication, card authentication, etc. It can be applied in multiple scenarios such as dwellings, government buildings, banks, enterprises, etc.
- 7-inch LCD Touch Screen
- Face Recognition Distance: 0.3 to 3 m
- 5,000 Faces
- Working Humidity: 0 to 90% (non-condensing)
- -22° to +140° F (-30° to +60° C)
- Face Recognition <0.2 s/User; Accuracy Rate 399%
- Transmits Data to Client Software via TCP/IP and Saves Data on Client Software
MAGIC PASS 12380 ID
- Surface Application: Fashion silver, red bronze, red gold
- Universal Lock Body: Double quick lock body (Other special lock bodies can be added.)
- Super Class B Cylinder: Two keys
Opening Mode: Fingerprint, password, M1 card, remote control, key
- Lock Function: Anti-lock function
- Fingerprint Class: Optical fingerprint / Semiconductor fingerprint
- Touch Mode: Capacitive
- False Rejection Rate: <= 0.15%
- Incorrect Acceptance Rate: <= 0.00004%
- Number of Fingerprints: 300 fingerprints
- Passwords: 300 passwords
- Number of Cards: 300 cards
- Resolution: 500 DPI
- Static Current: <= 55UA (Battery can be used for more than one year)
- Operating Current: <= 250mA
- Working Temperature Grade: (-10-> 60) C
- Working Net Grade: 20C-93C
- Power Supply: 6V
- Low Voltage Alarm: 4.5V
- Password: 6-10 digits
- Display: Touch LCD screen
- Password Angel Peep: Yes
- Weight: approx. 5.3 kg
- Size: 330L * 78W * 28H
Access control is a method of guaranteeing that users are who they say they are and that they have the appropriate access to company data.
At a high level, access control is a selective restriction of access to data. It consists of two main components: authentication and authorization, says Daniel Crowley, head of research for IBM’s X-Force Red, which focuses on data security.
Authentication is a technique used to verify that someone is who they claim to be. Authentication isn’t sufficient by itself to protect data, Crowley notes. What’s needed is an additional layer, authorization, which determines whether a user should be allowed to access the data or make the transaction they’re attempting.
Without authentication and authorization, there is no data security, Crowley says. “In every data breach, access controls are among the first policies investigated,” notes Ted Wagner, CISO at SAP National Security Services, Inc. “Whether it be the inadvertent exposure of sensitive data improperly secured by an end user or the Equifax breach, where sensitive data was exposed through a public-facing web server operating with a software vulnerability, access controls are a key component. When not properly implemented or maintained, the result can be catastrophic.”
Any organization whose employees connect to the internet—in other words, every organization today—needs some level of access control in place. “That’s especially true of businesses with employees who work out of the office and require access to the company data resources and services,”
Access control policy: Key considerations
Most security professionals understand how critical access control is to their organization. But not everyone agrees on how access control should be enforced, says Chelsea. “Access control requires the enforcement of persistent policies in a dynamic world without traditional borders,” Chelsea explains. Most of us work in hybrid environments where data moves from on-premises servers or the cloud to offices, homes, hotels, cars and coffee shops with open Wi-Fi hot spots, which can make enforcing access control difficult.
Types of access control
Organizations must determine the appropriate access control model to adopt based on the type and sensitivity of data they’re processing, says Wagner. Older access models include discretionary access control (DAC) and mandatory access control (MAC), role based access control (RBAC) is the most common model today, and the most recent model is known as attribute based access control (ABAC).
Access control solutions
A number of technologies can support the various access control models. In some cases, multiple technologies may need to work in concert to achieve the desired level of access control, Wagner says.
“The reality of data spread across cloud service providers and SaaS applications and connected to the traditional network perimeter dictate the need to orchestrate a secure solution,” he notes. “There are multiple vendors providing privilege access and identity management solutions that can be integrated into a traditional Active Directory construct from Microsoft. Multifactor authentication can be a component to further enhance security.”
Why authorization remains a challenge
Today, most organizations have become adept at authentication, says Crowley, especially with the growing use of multifactor authentication and biometric-based authentication (such as facial or iris recognition). In recent years, as high-profile data breaches have resulted in the selling of stolen password credentials on the dark web, security professionals have taken the need for multi-factor authentication more seriously, he adds.
Authorization is still an area in which security professionals “mess up more often,” Crowley says. It can be challenging to determine and perpetually monitor who gets access to which data resources, how they should be able to access them, and under which conditions they are granted access, for starters. But inconsistent or weak authorization protocols can create security holes that need to be identified and plugged as quickly as possible.
Speaking of monitoring: However your organization chooses to implement access control, it must be constantly monitored, says Chelsea, both in terms of compliance to your corporate security policy as well as operationally, to identify any potential security holes. “You should periodically perform a governance, risk and compliance review,” he says. “You need recurring vulnerability scans against any application running your access control functions, and you should collect and monitor logs on each access for violations of the policy.”
In today’s complex IT environments, access control must be regarded as “a living technology infrastructure that uses the most sophisticated tools, reflects changes in the work environment such as increased mobility, recognizes the changes in the devices we use and their inherent risks, and takes into account the growing movement toward the cloud,” Chelsea says.
Access Control Software
From entry-level IP-based access control software to multi-location enterprise access control software, LINSTAR has a full line of access security software to build the right access control system based on the needs and requirements of your organization.
Biometric recognition technology is being used increasingly more in security, and fingerprint recognition (biometric fingerprint) is currently the most commonly used biometric technology for physical access control. It makes sense – people are already used to using fingerprints to verify themselves on their Smartphone and there are many benefits to fingerprint recognition. Enrolling and presenting a fingerprint is relatively easy. And the combination of a low price point and high accuracy levels make it a good choice for many access control applications, especially those where fewer people need access.
Network Access Control
(NAC) is a computer networking solution that uses a set of protocols to define and implement a policy that describes how to secure access to network nodes by devices when they initially attempt to access the network. ... A basic form of NAC is the 802.1X standard.