Identification, Authentication, Authorization, and Accountability


Identification

Identification is the process of claiming or declaring an identity, where a person, system, or object presents information that indicates who or what they are. It is the first step in identity verification, often involving credentials such as a username, ID number, card, or biometric data that represent the claimed identity. Identification by itself does not prove authenticity; instead, it signals the intent of the entity to be recognized, which is later confirmed through authentication mechanisms. This process is essential in security systems, as it establishes the basis for determining access rights and privileges.

  • Username
  • SSN

Example

id # command that shows user identity information (UID, GID, groups)

id

whoami # command that prints the current logged-in username

whoami

Authentication

Authentication is the process of verifying that a claimed identity is valid by confirming that the person, system, or object truly is who or what they assert to be. It typically follows identification and uses various methods such as passwords, PINs, security tokens, smart cards, or biometrics like fingerprints and facial recognition. Authentication can be implemented through single-factor, two-factor, or multi-factor approaches, depending on the required security level. By validating the authenticity of an identity before granting access, authentication helps prevent unauthorized use, strengthens trust, and protects sensitive systems and data.

Authentication factors

  • Something you know
    • Password
      • A sequence of characters that identifies a user
    • Personal Identification Number (PIN)
      • A sequence of numbers that identifies a user
  • Something you have
    • Passport
      • A travel document issued by a government that verifies the holder's identity for international travel
    • Smartphone
      • A cellular telephone with an integrated computer
    • Smart Card
      • A physical plastic card with an embedded microprocessor that stores and processes data (It acts as a security token)
    • Token
      • A device that’s used to gain access to a restricted resource (Might include name, password, key, certificate, group, privilege)
  • Something you are
    • Fingerprint
      • A unique pattern made by a person’s fingertip friction ridges
    • Facial recognition
      • A technology that identifies a user based on their face
    • Iris Scan
      • A technology that identifies a user based on their iris
  • Somewhere you are
    • IP address
      • A logical network address that is used to locate the device
    • MAC Address
      • A physical network address that is used to locate the device
  • Something you do
    • Pattern unlock
      • A technology that identifies a user based on drawing a specific pattern 
    • Picture Password
      • A technology that identifies a user based on selection of images

Example

passwd # command used to set or change a user’s password in Linux

passwd

Authorization

Authorization is the process of determining what actions, resources, or services a person, system, or object is permitted to access after their identity has been successfully verified through authentication. It defines the level of access granted, such as whether a user can read, modify, delete, or execute specific files, applications, or functions. Authorization is typically enforced through policies, access control lists, or role-based access control (RBAC), ensuring that users only perform actions aligned with their roles and responsibilities. This step is critical for enforcing the principle of least privilege, reducing security risks, and protecting sensitive information from misuse or unauthorized access.

  • Access Control
    • A security technique to protect a system against unauthorized access

Example

echo # command that prints text to the terminal or output stream
"QeeqBox" # the text string being displayed
> # output redirection operator
file.txt # the file where the output will be written (created or overwritten)

echo "QeeqBox" > file.txt

sudo # run the command with administrative (root) privileges
groupadd # command used to create a new group in Linux
sales # name of the group being created

sudo groupadd sales

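sudo # run the command with administrative (root) privileges (only root can give a file to another user)
chown # command to change ownership of a file
john # user who will become the new owner
file.txt # file whose ownership is being changed

sudo chown john file.txt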

sudo # run the command with administrative (root) privileges (the file now belongs to john)
chgrp # command to change group ownership of a file
sales # group that will become the new group owner
file.txt # file whose group is being changed

sudo chgrp sales file.txt

Accountability (Auditing)

Accountability (Auditing) is the ability to trace actions, events, or system changes back to a specific individual, system, or object, ensuring that every activity within an environment can be attributed to its source. It involves maintaining detailed logs, audit trails, and monitoring mechanisms that record who did what, when, and how. Accountability helps detect misuse, supports investigations, enforces compliance with policies and regulations, and promotes responsible behavior by making users aware that their actions are being tracked. By providing transparency and traceability, auditing strengthens overall security and trust within an organization’s systems.

  • Audit logs

Example

who # shows currently logged-in users on the system

who

last # shows history of user logins and system reboots

last

sudo # runs the command with root (admin) privileges
cat # command used to display file contents
/var/log/auth.log # system authentication log file (login, sudo, SSH events)

sudo cat /var/log/auth.log
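
Raw log lines only give accountability once they are reduced to who did what, when, and from where. The following added example (not part of the original page) does that for login and sudo events; the log lines are constructed samples in the traditional syslog timestamp format, and the names sample_log, audit_trail and failed_by_user are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): turn auth.log lines into
# "when|who|what|detail" records. The log lines are constructed samples in
# the OpenSSH and sudo syslog formats; host and addresses are placeholders.

sample_log() {
cat <<'EOF'
Mar  4 09:12:01 host1 sshd[1021]: Failed password for john from 192.0.2.10 port 50122 ssh2
Mar  4 09:12:07 host1 sshd[1021]: Accepted password for john from 192.0.2.10 port 50122 ssh2
Mar  4 09:13:30 host1 sudo:     john : TTY=pts/0 ; PWD=/home/john ; USER=root ; COMMAND=/usr/bin/cat /var/log/auth.log
Mar  4 09:15:44 host1 sshd[1187]: Failed password for invalid user admin from 192.0.2.55 port 40022 ssh2
Mar  4 09:16:02 host1 CRON[1201]: pam_unix(cron:session): session opened for user root by (uid=0)
EOF
}

# Reads auth.log text on stdin, prints one record per attributable event.
audit_trail() {
    awk '
    $5 ~ /^sshd\[/ && $7 == "password" && ($6 == "Failed" || $6 == "Accepted") {
        # sshd inserts "invalid user" before names that do not exist locally
        u = 9; if ($9 == "invalid" && $10 == "user") u = 11
        event = ($6 == "Failed") ? "login-failed" : "login-ok"
        printf "%s %s %s|%s|%s|from %s\n", $1, $2, $3, $u, event, $(u + 2)
        next
    }
    $5 == "sudo:" && /COMMAND=/ {
        # $6 is the invoking user; USER= names the account the command ran as
        cmd = $0; sub(/.*COMMAND=/, "", cmd)
        target = "?"
        for (i = 7; i <= NF; i++) if ($i ~ /^USER=/) target = substr($i, 6)
        printf "%s %s %s|%s|sudo-as-%s|%s\n", $1, $2, $3, $6, target, cmd
    }'
}

# Counts failed logins per claimed identity, sorted by user name.
failed_by_user() {
    audit_trail | awk -F"|" '$3 == "login-failed" { n[$2]++ }
        END { for (u in n) print n[u], u }' | sort -k2
}
```

On a host that still writes this format, sudo cat /var/log/auth.log | audit_trail produces the same records from live data.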

Identity Management (IdM)

Identity Management (IdM) is the process of managing and controlling digital identities within an organization or system. It involves creating, maintaining, and governing user accounts, as well as assigning appropriate access rights and permissions based on roles or responsibilities. IdM ensures that only authorized individuals can access specific resources, applications, or data, while also maintaining compliance and security. This process includes activities such as authentication, authorization, password management, and account lifecycle management, helping to protect sensitive information and streamline user access.

Example

sudo # run command with admin (root) privileges
useradd # command to create a new user account
john # username being created

sudo useradd john

sudo # run command with admin (root) privileges
passwd # command to set/change a user password
john # username whose password is being set

sudo passwd john
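
The useradd and passwd commands above, and the passwd example in the Authentication section, change the account's entry in the shadow password file, which decides whether and how the account can authenticate with a password. The following added example (not part of the original page) classifies entries in shadow(5) format; every entry and hash string is a constructed placeholder, and the names sample_shadow and shadow_state are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report how each account in a
# shadow(5)-format file can authenticate. All entries and hash strings are
# constructed placeholders, not real password hashes.

sample_shadow() {
cat <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19700:0:99999:7:::
john:!:19800:0:99999:7:::
mary:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19800:0:99999:7:::
dave:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19650:0:99999:7:::
svc::19500:0:99999:7:::
old:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:17000:0:99999:7:::
EOF
}

# Reads shadow-format lines on stdin, prints "user state" per account.
shadow_state() {
    awk -F: '
    {
        pw = $2
        # Order matters: empty field, then "!" or "*" with no hash (the state
        # useradd leaves before passwd is run), then a hash locked with "!".
        if (pw == "")                             state = "EMPTY-PASSWORD"
        else if (pw ~ /^[!*]/ && pw !~ /\$/)      state = "no-password-login"
        else if (pw ~ /^!/)                       state = "locked"
        else if (pw ~ /^\$1\$/)                   state = "hash:md5-crypt(weak)"
        else if (pw ~ /^\$5\$/)                   state = "hash:sha256-crypt"
        else if (pw ~ /^\$6\$/)                   state = "hash:sha512-crypt"
        else if (pw ~ /^\$2[abxy]?\$/)            state = "hash:bcrypt"
        else if (pw ~ /^\$y\$/)                   state = "hash:yescrypt"
        else                                      state = "unknown"
        print $1, state
    }'
}

# Accounts that need attention: no password at all, or a weak hash scheme.
shadow_findings() {
    shadow_state | awk '$2 == "EMPTY-PASSWORD" || $2 ~ /weak/'
}
```

On a live system the input comes from sudo cat /etc/shadow | shadow_state, since the file is readable only by root.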

Access Management (AM)

Access Management (AM) is the process of ensuring that people, systems, or objects have the appropriate level of access to resources, applications, and data based on their roles and responsibilities. It deals specifically with permissions and privileges, determining what a user or entity can do once authenticated. AM enforces policies such as granting, restricting, or revoking access, often using methods like role-based access control (RBAC), attribute-based access control (ABAC), or least privilege principles. By managing access effectively, organizations can reduce the risk of unauthorized activities, protect sensitive assets, and maintain compliance with security and regulatory requirements.

Example

echo # command that prints text to the terminal or output stream
"QeeqBox" # the text string being displayed
> # output redirection operator
file.txt # the file where the output will be written (created or overwritten)

echo "QeeqBox" > file.txt

sudo # run the command with administrative (root) privileges
groupadd # command used to create a new group in Linux
sales # name of the group being created

sudo groupadd sales

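sudo # run the command with administrative (root) privileges (only root can give a file to another user)
chown # command to change ownership of a file
john # user who will become the new owner
file.txt # file whose ownership is being changed

sudo chown john file.txt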

sudo # run the command with administrative (root) privileges (the file now belongs to john)
chgrp # command to change group ownership of a file
sales # group that will become the new group owner
file.txt # file whose group is being changed

sudo chgrp sales file.txt
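
Ownership set with chown and chgrp only takes effect together with the file's mode bits, so the following added example (not part of the original page) shows which permission triplet Linux applies to a given user; it serves both the Authorization example and this one. The users mary and dave, the modes, and the names perms_for and my_perms_on are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). "john" and "sales" are the
# page's sample names; other users and all modes are constructed.
# Does not model root, ACLs or capabilities.

# perms_for USER "USER_GROUPS" OWNER GROUP MODE -> prints e.g. "rw-"
# USER and USER_GROUPS describe the requester; OWNER, GROUP and MODE describe
# the file as left by chown, chgrp and chmod. MODE is octal, e.g. 640.
perms_for() {
    user=$1 user_groups=$2 owner=$3 group=$4
    mode=$(printf '000%s' "$5" | tail -c 3)   # keep the last three octal digits
    # Exactly one class applies and the first match wins: an owner never
    # falls through to the group bits, even if those are more permissive.
    if [ "$user" = "$owner" ]; then
        digit=$(printf '%s' "$mode" | cut -c1)
    elif printf '%s\n' $user_groups | grep -qxF -- "$group"; then
        digit=$(printf '%s' "$mode" | cut -c2)
    else
        digit=$(printf '%s' "$mode" | cut -c3)
    fi
    # Translate the octal digit into read/write/execute flags.
    r=-; w=-; x=-
    [ $(( $digit & 4 )) -ne 0 ] && r=r
    [ $(( $digit & 2 )) -ne 0 ] && w=w
    [ $(( $digit & 1 )) -ne 0 ] && x=x
    printf '%s%s%s\n' "$r" "$w" "$x"
}

# Same decision for the current user and a real file, by numeric ID
# (assumes GNU stat, as on Linux).
my_perms_on() {
    set -- $(stat -c '%u %g %a' "$1")
    perms_for "$(id -u)" "$(id -G)" "$1" "$2" "$3"
}
```

With file.txt owned by john, group sales and mode 640, john gets rw-, any other member of sales gets r--, and everyone else gets ---.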

Identity and Access Management (IAM)

Identity and Access Management (IAM) is the integrated framework of policies, processes, and technologies used to manage and control digital identities while ensuring that users, systems, or objects have the appropriate level of access to organizational resources. It combines Identity Management (IdM), which focuses on creating and maintaining digital identities, with Access Management (AM), which governs permissions and privileges. IAM solutions handle authentication, authorization, and account lifecycle management, enforcing security principles like least privilege and separation of duties. By implementing IAM, organizations can safeguard sensitive data, streamline user access, improve operational efficiency, and ensure compliance with industry regulations.