Authorization Explained with Examples

Authorization describes the actions and tasks you can perform on the protected resources after authentication. For example, if you are trying to access a file on the system, authorization lists the actions (such as open, read, edit, update, and delete) you can take on the file.

A computer or a network protects its resources at two levels. At the first level, it requires authentication. Users must authenticate themselves before they can access anything. There are many ways to authenticate. Various authentication types provide different levels of security. A network can configure any one or more than one authentication type based on its security requirements.

After authentication, authorization controls the actions the authorized user can perform. Operating systems implement authorization based on the types of resources they protect. For example, Windows and Linux use authorization in the form of permissions and rights. Cisco implements authorization as access control lists (ACLs). ACLs allow or deny traffic from entering or leaving the network.

Permissions

Permission defines your level of access to the resources, such as a file, folder, or object. Permission is the characteristic of the resource. Each resource can have a separate permission for every user account. For example, you have a file and two user accounts on the server. You want to configure permissions that allow the first user to read the file, while the second user to read and write the file. For this, you would go to the properties of that file and set the permissions.

Right

A right is a privilege within the operating system that allows the user to perform a particular task. For example, you can restrict users from updating system times or changing time zones. A user can perform only the allowed tasks. Rights define them. Only administrators or allowed users can configure rights.

Controlling/Filtering Traffic

Permissions and rights are the Windows implementation of authorization. Cisco uses authorization to control and filter data packets. It implements authorization in the form of ACLs. ACLs define the traffic that can enter or leave different parts of your network.

ACLs work on firewalls and routers. When a router receives a data packet, it compares the source and destination addresses of the packet with the ACL rules and takes the action configured in the matching ACL entry.

Network Access Control (NAC)

NAC allows you to authorize who can gain access to a wired or wireless network based on the state of the connecting system, known as posture assessment. You can specify conditions a system must meet to gain access to the network. If those conditions are not satisfied, you can send the system to a restricted network, where the system can take the necessary actions to fulfill the conditions. For example, you can configure an updated antivirus as the minimum requirement to connect to the network. When a system tries to connect to the network, the NAC checks whether the system has updated antivirus software. If the system has it, NAC allows the system to connect to the network. If the system does not have antivirus software or the virus definition is outdated, NAC sends the system to a restricted network, where the user can typically apply patches or update the virus definitions.

Port Security

Port security is another Cisco implementation of authorization. Port security works on switches. It allows you to control which systems can connect to individual ports on the switch based on their MAC addresses.

Conclusion

Authorization plays a critical role in securing access to protected resources across computer networks. It operates as a safeguard following authentication, delineating the specific actions users can take on various resources. Different systems implement authorization through mechanisms like permissions and rights in operating systems like Windows and Linux, or through access control lists (ACLs) in networking equipment from providers like Cisco. These frameworks not only dictate user access levels but also enhance security by filtering network traffic and managing how data packets traverse the system.