Access control is a key component of security. When properly designed, it lets in legitimate users and keeps unauthorized individuals out. Access control has moved far beyond simple usernames and passwords. Modern access-control systems can use physical attributes or biometrics for authentication; many airports now use biometrics for this purpose. Security administrators have more to worry about than just authentication. Many employees now have multiple accounts to keep up with. Luckily, there is a way to consolidate these accounts: single sign-on.
This chapter discusses access-control techniques and the ways to implement control within centralized and decentralized environments. It also discusses some of the threats to access control. Attackers can launch password-cracking attacks to try to gain unauthorized access. If they still cannot get into a system, they might attempt to launch denial-of-service (DoS) attacks to disrupt availability for legitimate users. That is why access control is also about detective and corrective measures. It's important to have systems to detect misuse or attacks. One such system is an intrusion-detection system (IDS). Intrusion-detection systems are also discussed in this chapter.