Monday 28 November 2011

Passwords And Access Control

Three dominant classes of access control have developed to protect computer installations.
They are:
• knowledge-based controls (passwords)
• possession-based controls (keys)
• controls based on personal characteristics (biometric devices)

Possession-based controls have to do with things the user owns, like a physical key or magnetic card. Sometimes there is a metal clip of a peculiar shape that must fit into a hole in the computer before the computer will operate. A "key" could also be an identification badge, or a signed letter from a person of high status in the company, granting permission to access a site.

Biometric devices are those which look at some trait of a potential user and compare it to traits previously recorded, such as fingerprints, signature, or geometry of the hand.

These two forms of computer security may be designed for remote access control, although usually they are implemented at the site where the computers are located to limit access to either the computer room or the computer itself. Thus, descriptions of biometric and physical keys will be further developed in the on-site hacking section of this book.

The first class of access control - also the most common - is knowledge-based. That is, control is limited to those persons who can prove they have knowledge of something secret, usually a password. Discovering that password constitutes a large portion of hacking. Here, then, is everything you need to know about passwords: how they work, how they are stored, and how they are broken.