Client Access Control


Network access control is the practice of keeping unauthorized users and devices out of a private network. Without it, anything that reaches a switch port or a wireless network can talk to everything on that network.
Note that a wired connection gives you no protection on its own: a password or a similar mechanism (for example, authenticating the device or user before the port is opened) is still needed to restrict who gets onto the network. This is what network access control software automates, and you can find such products at sites such as https://www.fortinet.com/solutions/enterprise-midsize-business/network-access.
The diagram below shows a basic security design:
Client computers must be able to access the shared files, but must not be able to read or modify the private files of other clients. To make this work, keep the server on its own network segment and give each client access to that segment only, not to the other clients: each client machine can then work with its own files and with the files stored on the server, but cannot reach another client's files directly. (An alternative is to place a copy of the server on a second, private network and access the shared files there.)
Here is a simple example of how client access control works, step by step.
1. The client machine logs into the shared network on port 3389 (the Remote Desktop port) or a similar port. If the local network enforces access control and the client is not authorized, the client gets no network access at all and the process stops here.
2. The client receives a list of the files on the shared network. For each file on the server, the client reads the file header and checks the file type, the file size and the permissions, and it checks for conflicts between the file it is accessing and any other file on the server.
3. The client downloads the file to its local hard disk.
4. The client places the file on a temporary server.
5. The client sends its return code to the server. The server generates an access token and sends it back to the client.
6. If the token the client presents matches the access token the server issued, the client is allowed to access the file.
7. If the token does not match, the client is denied access to the file.
8. If the server does not permit the client to access the file, it sends the client an "Access denied" error message.
In this simple case the access control on the client and on the server is automatic. The server generates one access token per client and retains the tokens for future sessions. The token tells the client how it may access the file; the client must not use the token for anything else, such as file storage, but as long as it holds a valid token it can reach the file whenever it connects to the shared network.
Note: In most cases it is much simpler to use a password of the appropriate type for each computer in the network. You can download a free copy of the "Adobe Access System Administrator Password Manager" at http://www.adobe.com/go/AdobeAccessManager. The password is used to control access to files and directories on the shared network. Some files on the network may not be accessible to the server; in a file-sharing environment, however, the client computer can still access such a file even though it does not exist on the server. In that case the client password can generate a "last known good" token, which is stored on the server for use by the client. The token is stored only for the session it belongs to; if it is presented in any other session, it is discarded.
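The token exchange in the steps above (login, token issued by the server, token checked on every file request, "Access denied" on mismatch) and the session-scoped token in the note are the parts of this design that are easiest to get wrong, so here is an added example of the same flow in Python. This is illustrative code written for this page, not code from the original article or from any product it mentions. The client names, passwords, file paths, the fixed salt and the 300-second session lifetime are all assumptions. The server checks a password, issues a random per-session token, answers every file request with the same "Access denied" message whether the token is bad, the file belongs to another client or the file does not exist, and discards the token on logout or expiry so it cannot be reused in another session.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample file store: a shared area plus one private area per client.
# (Paths and contents are assumptions made for this example.)
FILES = {
    "shared/readme.txt": {"owner": None, "data": b"notes for everyone"},
    "clients/alice/notes.txt": {"owner": "alice", "data": b"alice only"},
    "clients/bob/notes.txt": {"owner": "bob", "data": b"bob only"},
}

_SALT = b"fixed-salt-for-this-example"  # use a random per-user salt in real code


def _hash_password(password: str) -> bytes:
    # PBKDF2 so that a leaked credential table is slow to brute-force.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 50_000)


# Constructed credential table for two hypothetical client machines.
CREDENTIALS = {
    "alice": _hash_password("alice-pass"),
    "bob": _hash_password("bob-pass"),
}


class AccessServer:
    """Issues one random token per session and re-checks it on every request."""

    def __init__(self, session_ttl: float = 300.0):
        self.session_ttl = session_ttl      # assumed session lifetime in seconds
        self.sessions = {}                  # token -> (client, expiry time)

    def login(self, client: str, password: str):
        # Always compute the hash so an unknown user costs the same as a bad password.
        digest = _hash_password(password)
        expected = CREDENTIALS.get(client, b"")
        if not expected or not hmac.compare_digest(expected, digest):
            return None
        token = secrets.token_urlsafe(32)   # random, unrelated to the password
        self.sessions[token] = (client, time.monotonic() + self.session_ttl)
        return token

    def _client_for(self, token: str):
        entry = self.sessions.get(token)
        if entry is None:
            return None
        client, expiry = entry
        if time.monotonic() > expiry:
            del self.sessions[token]        # expired: discard, never renew in place
            return None
        return client

    def list_files(self, token: str):
        client = self._client_for(token)
        if client is None:
            return None
        return sorted(p for p, m in FILES.items() if m["owner"] in (None, client))

    def read_file(self, token: str, path: str):
        client = self._client_for(token)
        meta = FILES.get(path)
        # One message for "bad token", "not yours" and "no such file",
        # so a client cannot probe for other clients' file names.
        if client is None or meta is None or meta["owner"] not in (None, client):
            return (False, "Access denied")
        return (True, meta["data"])

    def logout(self, token: str):
        self.sessions.pop(token, None)      # the token is useless after this


def demo():
    """Walk one client through the flow; returns the outcomes for inspection."""
    server = AccessServer()
    token = server.login("alice", "alice-pass")
    results = {
        "bad_password": server.login("alice", "wrong") is None,
        "listing": server.list_files(token),
        "own_file": server.read_file(token, "clients/alice/notes.txt"),
        "shared_file": server.read_file(token, "shared/readme.txt"),
        "other_client": server.read_file(token, "clients/bob/notes.txt"),
        "forged_token": server.read_file("forged", "shared/readme.txt"),
    }
    server.logout(token)
    results["after_logout"] = server.read_file(token, "shared/readme.txt")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Running demo() walks alice through a wrong password, her own file, the shared file, bob's file, a forged token and a request after logout. Two choices worth copying: the password comparison goes through hmac.compare_digest so its timing does not leak how many bytes matched, and the token is 32 random bytes from secrets rather than anything derived from the password, so a captured token tells an attacker nothing about the credential and stops working the moment the session ends.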


Bojan Tunguz

Bojan Tunguz was born in Bosnia and Herzegovina, which he and his family fled to neighboring Croatia during the civil war. Over the past two decades he has studied, lived and worked in the United States. He is a theoretical physicist with degrees from Stanford and the University of Illinois. Tunguz has taught physics at several prominent liberal arts colleges and has been writing about physics, science and technology for more than a decade. He also has a wide spectrum of interests, and reads and writes about current events, society, culture, religion and politics. Over the years he has reviewed many of the books that he has read, and posted his reviews on various online outlets. In 2011 he became a top 10 reviewer on Amazon.com, where he continues to be very active. Aside from reading and writing, Tunguz enjoys traveling, digital photography, hiking, and fitness. He resides with his wife in Indiana. You can follow my review updates on the following pages as well: Facebook: http://www.facebook.com/tunguzreview Twitter: http://www.twitter.com/tunguzreviews Google+: https://plus.google.com/u/0/104312842297641697463/posts

