By Milica D. Djekic

Have you ever thought about how two computers talk to each other while they are in a network? So many network security experts would suggest that those IT assets could use the well-developed communications protocols in order to transfer the traffic through their wirings. Well, what’s the trick? The communications between two or more devices being on the internet network would go via the set of rules and every single device would contact the next one with the certain questions and its peer would reply with some answers on. So, once the devices using the internet protocol confirm the situation is appropriate for data exchange – they would establish the communications and start sending each other the packets of the information. Apparently, a similar scenario is with the device and the hacking tools being installed on another computing unit getting online. That hacker’s software would get capable to access someone’s cyber infrastructure if there are provided some IP addresses or log in details. In other words, it’s all about good access control! If you put some sort of the wall between your predator’s computer and the victim’s one there are fewer chances that you would ban the access to any malicious communications coming from the outside. For instance, you can always use the diverse methods of the access control relying on some kinds of verification codes coming through e-mail, text message or phone call, but would that help you remain safe while someone is trying to make a breach to your operating system or the entire computing resources being on the web, so far? The main point here is how we could control the access to any or some sensitive data storage or communications channel. In this review, we would attempt to discuss a bit how the best practice in such an area could look like.

The role of a good access control

There are plenty of great ideas on how to protect your IT assets while you are on the internet. For example, good advice is to try to make the wall between your working environment and the external surroundings. Some experts would agree that the quite convenient approach is to encrypt your operating system and any time you intend to access your system you need to use the cryptographic key in order to get the approach to such an environment. Also, so many people would use the biometrics in order to protect their machines from unwanted accesses. In our opinion, that tactic is quite good, but it’s still pretty hackable. So many experts’ reporting would suggest that the hackers could steal the confidential information about someone’s biometrics attributes and when they need to obtain the access to someone’s device – they would simply upload such a file and get the permission to enter someone’s private or business cyber environment.

Our suggestion here would be that at the developer’s stage of the access control building up – we need to define the path to the device which only got the approval to control its access applying the biometrics technologies. This is so important for a reason that some weaknesses of the biometrics systems could get removed if we attempt to make better planning and strategy formulation at the initiation of the programming project. In other words, if we make a good combination of the cyber defense and developer’s strategic planning, we can expect the quite suitable solution that would minimize our chances to get accessed without any permission. On the other hand, the biometric access control would do its job at the quite satifactionary level, but we still need to think hard how to make a step ahead over the constantly arising threats.

What hackers get when access control is poor

The fact is the hacker’s love the poor access control because such a situation would give them an opportunity to breach and exploit some IT system. The quite good illustration of how someone’s access could get banned is the ransomware attack. This sort of offense could affect both – files and operating environments. In other words, your access to some working surroundings as well as data and applications could get prohibited. Also, once you get the target of such an attack, you would cope with those here we go scary effects. As it’s well-known, if you want to return your access to such an attacked machine, you need to pay some fee to that malicious software. So, you would get your access back – just make a payment through some e-payment system.

That’s the quite clever trick and there are some countermeasures being developed to protect any computer or cyber device from that cybercrime operation. In essence, maybe we could learn something from the bad guys for a reason they would know well enough how to control someone’s access to his working surrounding or the entire folders and files. The hacker’s attacks are coming from the outside and if you really want to make the barrier between your and their devices maybe you could put the wall to them which will make them struggle to even attempt anything. In other words, we would not suggest to you to try to make your cyber criminals make an e-payment in order to get the access to your working environment, but some kind of well-encrypted access control is more than welcome, so far.

What access control can prevent in a cyber sense

The role of access control is to prevent your IT infrastructure as well as the entire computing networks from the cyber breaches and the main goal here is to deal with the tendencies in the arena of emerging technologies in order to gain new ideas, approaches, and techniques for the best practice purposes. If the access to your asset is in the good hands and if your risk management works well enough – you could get in peace that no one would get permission over your confidential content. We are quite aware that the war between the good guys and the bad guys is the never-ending game between the cat and the mouse and even if the good guys get in position to make some sort of advantage in front of the bad guys – it does not mean that advantage would last for a while. In practice, we need intelligent thinkers who would create good tactics and strategies in order to prevent us from being accessed and overused for the needs of the black market.

The impact on society and the economy

The successful cyber breaches could mean a lot of valuable information could get stolen and sold on the black market causing the non-returnable damage to so many private and business environments. If we choose to develop good access control, we need to think a bit about how we could prevent our communities and the overall economy from being affected. That’s not the easy task and as it’s well-known, the impacts of the perfectly made access control could get so far reaching. The fact is we always need to put a lot of our effort in order to maintain our social, economic and reputational losses at the minimal stage. There is no absolute security, but if we invest our time as well as human and technological resources in order to combat the cybercrime and terrorism on, we can expect quite good outcomes back.

Some further suggestions

Through this overview, we have attempted to provide some insights into the strong and weak sides of today’s access control procedure. As we know, there are a lot of cryptographic algorithms being available worldwide and every single day there would be more and more cryptosystems as the researchers and mathematicians over the globe are investigating and discovering the new and new models and approaches. We live in the digital age and our emerging technology seeks to get safe, but that’s not such a simple task at all. Finally, there is a huge need to go deep with our explorations in order to produce something that would offer us much more secure living and working conditions, so far.

About The Author

Milica D. Djekic is an Independent Researcher from Subotica, Republic of Serbia. She received her engineering background from the Faculty of Mechanical Engineering, University of Belgrade. She writes for some domestic and overseas presses and she is also the author of the book “The Internet of Things: Concept, Applications, and Security” being published in 2017 with the Lambert Academic Publishing. Milica is also a speaker with the BrightTALK expert’s channel and Cyber Security Summit Europe being held in 2016 as well as CyberCentral Summit 2019 being one of the most exclusive cyber defense events in Europe. She is the member of an ASIS International since 2017 and contributor to the Australian Cyber Security Magazine since 2018. Milica’s research efforts are recognized with the Computer Emergency Response Team for the European Union (CERT-EU). Her fields of interests are cyber defense, technology, and business. Milica is a person with a disability.