Authentication and authorization: do they sound similar? You may have heard these two words without knowing that they mean different things. As technical terms, they refer to two completely different concepts with entirely different meanings. Both belong to the field of network security. So what is network security?
Network Security
Network security means preventing unauthorized access to our network infrastructure. In short, it is the technique of using physical or software measures to protect our network from malfunction, misuse or destruction.
A user can access the network while sitting far away from the router or device. For this, the user needs remote access to the device. But granting this access raises various security issues that we have to prevent.
One of these issues is an unauthorized user getting in while the network is accessed remotely. To avoid this, the A-A-A framework is used. The A’s in the framework are as follows:
– Authentication
– Authorization
– Accounting
In this article, we will focus on authentication and authorization: what these terms refer to and what the difference between them is.
Authentication
1. Username and password technique
First, let’s talk about authentication. Networks are built by humans and for humans, so some things are common to the real world and the network world. One of these is the introduction. When we meet face to face, our very first gesture is the handshake.
Then we introduce ourselves with a short intro: our name and the work we do. A human-to-human introduction is comparatively easy (I say comparatively because it differs from person to person), but when a user interacts with a system, how the user introduces themselves to the system is a serious concern. The process of authentication is adopted as the solution.
In simple words, the system should be able to identify the user, so the system assigns the user a username and a password that are confidential and known only to the system and the user. Many of us already knew the username and password technique; it should now be clear what it actually is and which category it falls under.
2. Public key infrastructure technique (PKI)
Using the fundamentals of encryption and the digital signature process, we can secure our network more accurately and efficiently than with the simple username and password technique.
The PKI technique combines private and public keys with hardware devices and software to protect the network. Through authentication, two devices located far away from each other are able to introduce themselves and confirm their identity. If both feel secure after sharing their identity, they communicate further; otherwise they do not. So authentication is very important for confirming the identity of a system in long-distance communication.
Applications of authentication
1. The first and most important application is the social media handle; authentication can also protect email IDs.
2. Logging in to a system at a bank, or anywhere else, requires you to authenticate in that particular domain.
Authorization
Authorization simply means permission. It defines the set of permissions that the user has on the system. For example, when a software developer sells his software, the customer only has the privilege of using the software. The customer has no access to the source code, that is, the customer does not have permission to make changes to the actual code.
The changes can only be made by the developer. Authorization works the same way. It determines what the user can actually do on the system: which applications he has permission to use, and what work he is and is not able to do.
After authentication, once communication starts and we have access to the particular system, the tasks we are able to perform, the areas we can enter, and the applications the user has access to all come under authorization.
Applications of authorization
1. In managing bank accounts, imagine that someone wants to modify his or her account and has access not only to that account but to the account of every other person. Authorization is needed here so that he can modify only his own account.
2. On various websites, some users subscribe to a premium membership. Without authorization, everyone would be able to get the privileges of the premium membership. Authorization is essential to restrict this.
3. A user’s credentials are confidential. For marketing, your staff members may use some information about the user, but they should not access all of the confidential information. Authorization is necessary here to keep staff members from accessing the user’s valuable information.
Differences
1. Authentication checks who you are: it asks for information that only you and the system know, and then allows you access to the system. Authorization, on the other hand, verifies the areas or applications the user can enter, that is, it checks the permissions the user has after gaining access to the system.
2. Authentication can be checked by various techniques such as username and password, biometric authentication, PKI, captcha test, etc. Authorization can be checked by methods such as read-write access to files, access to the database, and assigning user roles to data.
3. Authentication is generally controlled by a server, which needs to know who is accessing the system. In authorization, the server, after approving the access, checks the permissions the user has for the applications.
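The two steps side by side, as an added example that is not part of the original article: a server first authenticates a username and password, then authorizes the requested action, using the bank-account and marketing-staff cases described above. The user names, account IDs, roles and action names are constructed for illustration.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash of the password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password, role, account_id=None):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt),
            "role": role, "account": account_id}

# Constructed sample data: two bank customers and one marketing staff member.
USERS = {
    "alice": make_user("alice-pass", "customer", "ACC-1"),
    "bob": make_user("bob-pass", "customer", "ACC-2"),
    "mia": make_user("mia-pass", "marketing"),
}

# Role -> actions that role may perform (hypothetical action names).
PERMISSIONS = {
    "customer": {"modify_account"},
    "marketing": {"read_contact_info"},
}

def authenticate(username, password):
    """Authentication: who are you? Returns the username or None."""
    user = USERS.get(username)
    if user is None:
        _hash(password, b"\x00" * 16)  # do equal work for unknown users
        return None
    ok = hmac.compare_digest(_hash(password, user["salt"]), user["hash"])
    return username if ok else None

def authorize(username, action, account_id=None):
    """Authorization: what may this already-authenticated user do?"""
    user = USERS[username]
    if action not in PERMISSIONS[user["role"]]:
        return False
    if action == "modify_account":
        # Object-level check: a customer may modify only their own account.
        return account_id == user["account"]
    return True

def handle_request(username, password, action, account_id=None):
    who = authenticate(username, password)
    if who is None:
        return "401 not authenticated"
    if not authorize(who, action, account_id):
        return "403 not authorized"
    return "200 ok"
```

A correct password gets a user past `authenticate` only; alice is still refused when she asks to modify bob's account, which is exactly the gap authorization closes.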
So, we can conclude that by knowing the terms authentication and authorization, we are able to understand how network systems work and how access is assigned to a particular user. We are also able to understand how some organizations such as bank systems work, and how and why a software developer denies the customer access to his source code.
If these processes did not exist, many website users and organizations would have hesitated to provide various privileges to users. The internet has also become a safer place to work thanks to these network security processes.