Internet Security: A Jumpstart for Systems Administrators and IT Managers

Let's imagine that I worked for NASA (spaceships are cool). I would get a key card and a nametag that I could show off to other people and use as bragging rights. Additionally, the keycard and nametag would tell every-body how important I was within NASA. This might work for me and against me, in that I'd be authenticated to enter the building, but not authorized to enter every room. This is essentially the same way in which the internet works. As businesses implement networked information strategies that call for controlling access to information resources in the networked environment, authentication and access management are emerging as major issues that must be developed, implemented, and supported. There are two primary access issues that must be dealt with: authentication and authorization. Authentication and authorization have very specific definitions.
"Authentication" is the process where a user (via any type of physical access PC, network, remote) establishes a right to an identity. I log in to a system with my user name and password, and the system now knows who I am.
| Note | User name = Bubba Joe Smith |
"Authorization" is the process of determining whether a user is permitted to perform some action or access to a resource. I log in to a system with my user name and password, and the system knows who I am and now can grant or deny access to certain databases.
| Note | User name = Bubba Joe Smith Access to the Fishing Database = Bubba... |