Cloud Computing 05 User Security

User Security

This video explains how the user security of computers, especially Personal Computers (PCs), evolved over time. Initially PCs were single-user machines, and then they evolved into multi-user machines. When I say PCs, the Operating System is an integral part of it. After becoming multi-user, they became part of a larger group in their local network called a Domain. Then user authentication itself evolved into a separate branch of IT Security, giving way to Directory Services. Directory Services will be discussed in the next video of this series.

This video is being made in the year 2020, and if you look at your mobile, what do you think about its security? Does it support multi-user login like your Windows PC or Mac computer? No. It is just a single-user system as of now. And that user is a default one built into the Operating System. You don’t get to choose the login name of that user. The popular Operating Systems for mobile devices now are iOS from Apple and Android by Google. They don’t even ask you for a login name. Technically you use either an Apple ID or a Google ID, but let’s ignore that for the sake of explaining this in a simple manner. So, at most, your phone may ask you to unlock it using a code that you had already stored. Anyone who has the code can unlock your phone and access the apps and data inside, as you would. That’s it. Once it is unlocked, it doesn’t differentiate who the user is.

The earlier PCs were like the current mobile phones. Microsoft DOS was the popular operating system then. Once you powered on the computer, it would boot and simply take you inside by presenting a text-based prompt waiting for your command. Then you could do whatever you wanted. Simple. Optionally, some computers came with a feature in the BIOS where you could set a password. It was similar to the screen lock code that we saw in the phones, except that it prompted for the password only during power-on. There were no screen locks back then. Also, the Operating Systems were mostly text-based.

Then the Operating Systems for PCs started to become more and more GUI based, as in Graphical User Interface based. They also supported multi-user logins. So, when you powered on a computer, you were presented with a login screen that authenticated you using your login name and password combination. These usernames and passwords were part of the Operating System itself. In other words, these login names and passwords were stored within the OS in a secured location. Once you logged in, you could still access all the files that resided on that computer.

But soon that also became restricted. Access to the files stored on the computer was granted based on the login names, also known as usernames. For example, it became possible to let someone use our computer with a different login name of their own and yet not give them access to all the files stored on the computer. Windows NT and later Windows 95 started offering this feature. But remember that the username (or login name) and password details are owned by each computer.

Then, when these PCs became part of a local network led by a Server, user authentication was handled by the central server.

These PCs and the Server were logically grouped into a Domain. The Server would be the Domain Controller, meaning that it is the main controller of that domain and the rest of the PCs are part of the domain. In this setup, the usernames and passwords were stored centrally in the Domain Controller Server. So, anyone with an account in the Domain Controller can use any of these computers and log in using their domain account.

But things did not stay as simple as this. Soon there were multiple domains. There were multiple domain controllers in a domain, like Primary Domain Controllers, Backup Domain Controllers, etc. And there were requirements for users from one domain to access resources in another domain. Certainly we did not want to create duplicate accounts for users in each domain. At the same time, how do we make a user from Domain D able to access data from Domain A? Where do we store the username and password info? As it became much more complex, a branch of information security was formed called Directory Services. Directory refers to the user or login authentication info at the core. Let me explain this in the next video.