Access Control Basics
Quite simply, access control means allowing the correct users in (those who are authorized) and keeping the others out (those who are not authorized). You can employ a great many tools and technologies to make this happen—all of which are discussed in this chapter—but the fundamental principle remains the same: Let the right ones in.
In the following sections, we will look at the difference between identification and authentication, authentication and authorization, multifactor authentication, and operational security. We will also look at tokens and problems to watch for as well as issues to consider.
Identification vs. Authentication
Critical to correctly answering questions asked on the Security+ exam about access control ...