Clear up the Confusion: Authentication vs. Authorization

This article attempts to clear up the confusion between Authentication and Authorization. They often seem to occur together and seamlessly on a Windows network, but they must be managed separately.

Authentication

Authentication is the process of validating the response to an authentication challenge, such as a username and password combination. When a user is presented with a login dialog box (the authentication challenge), the response is sent to the authentication service for review. Once the credentials are verified as correct, the authentication process is complete.

Authorization

Authorization is the process of checking an authenticated user or system against a list of authorized users and computers. For example, suppose a user in sales tries to access a payroll share. Authentication would succeed, but authorization would fail because the user does not have permission to access that resource. This is where Access Control Lists (ACLs) are applied.
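
The sales-user example above as a small runnable sketch (an added example, not from the original article). User names, passwords, groups and share paths are constructed, and the ACL is modelled as a plain dictionary rather than real Windows ACLs.

```python
import hashlib
import hmac
import os

# Constructed sample data: share paths, users and groups are hypothetical.
PAYROLL_SHARE = r"\\fileserver\payroll"
SALES_SHARE = r"\\fileserver\sales"

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password: str, groups: set) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "groups": groups}

USERS = {
    "alice": _make_user("S4les-passphrase", {"Sales"}),
    "bob": _make_user("P4yroll-passphrase", {"Payroll"}),
}

# ACL: share -> groups allowed to access it. Anything not listed is denied.
SHARE_ACL = {
    PAYROLL_SHARE: {"Payroll"},
    SALES_SHARE: {"Sales", "Payroll"},
}

def authenticate(username: str, password: str):
    """Step 1: verify the credentials. Returns the user record or None."""
    user = USERS.get(username)
    if user is None:
        return None
    candidate = _hash(password, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return user if hmac.compare_digest(candidate, user["hash"]) else None

def authorize(user: dict, share: str) -> bool:
    """Step 2: check the authenticated user's groups against the share ACL."""
    allowed = SHARE_ACL.get(share, set())  # default deny for unknown shares
    return bool(user["groups"] & allowed)

def access_share(username: str, password: str, share: str) -> str:
    user = authenticate(username, password)
    if user is None:
        return "AUTHENTICATION_FAILED"  # the ACL is never consulted
    if not authorize(user, share):
        return "AUTHORIZATION_DENIED"   # valid identity, no permission
    return "ACCESS_GRANTED"
```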

Top 5 Attack Methods on Authentication

1. Cloning the credential or token is the process of copying the credential or token of the user and reusing it later to access the system as that user (pass the hash). 

2. Sniffing the credentials is done by intercepting the authentication traffic as it passes through the network.

3. Brute Force is the process of repeatedly trying a set of credentials that could be the victim’s credentials.

4. Denial-of-Service, or DoS, is the process of repeatedly attempting to authenticate with the same credentials, eventually locking out the account.

5. Retrieve from Backup is the process of finding credentials that are saved on a system or database in cleartext.

Need help beefing up Authentication and Authorization within your organization? Let's Talk.

Author: Chad Akileh

Equilibrium IT Solutions, Inc.
Chicago, IL
Security Practice
