Chapter 12. Controlling Authorizations


Authorizations are the privileges given to users and programs which allow them special rights. These rights limit how resources are utilized and help ensure appropriate use. Authorizations can be used either to restrict access or to grant selective access. Controlling authorization is the primary method of managing the resources which are available to users. The finer the granularity of the authorizations, the more control in assigning the right privileges for the right job. The following are some basic principles in building authorization models which support the kind of security model you have.

  • That which is not specifically denied is allowed. This open environment model requires prior knowledge of everything that is to be denied so that it can be specifically denied. This creates an environment which is very difficult to adequately secure. This model is often the result of an environment that evolved without security and only later had some basic security measures added. Most security signature scanning technologies, such as virus scanners, work within this model. They cannot stop an attack until they know what the attack looks like. Anything is allowed until it is determined to be dangerous.

  • That which is not specifically allowed is denied. This is a closed model. Some would call it paranoid. However, it prevents unknown attacks. It also prevents users from doing anything which has not been defined as acceptable. This may slow the implementation of new systems and aggravate users. Businesses can use this model to control the consumption of resources, requiring a business justification before allowing a behavior. Most security professionals agree that this model is required to build an environment where malicious attacks are a threat.

  • Provide the minimum privileges required. This strategy of giving the minimum privileges necessary to perform the task, for the minimum amount of time that they are needed, is called least privilege. This minimizes the chances of misusing privileges.
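The three principles above, as an added illustration that is not from the book: a small authorization evaluator where the only difference between the open model and the closed model is the default returned for a request no rule mentions, plus a time-bounded grant that implements least privilege. The principal, resource and action names are constructed sample values.

```python
import time
from dataclasses import dataclass, field


@dataclass
class Policy:
    """Explicit rules map (principal, resource, action) -> allowed?;
    anything not listed falls back to the model's default."""
    default_allow: bool              # True = open model, False = closed model
    rules: dict = field(default_factory=dict)

    def is_allowed(self, principal, resource, action):
        return self.rules.get((principal, resource, action), self.default_allow)


@dataclass
class TemporaryGrant:
    """Least privilege: one right, on one resource, until a deadline."""
    principal: str
    resource: str
    action: str
    expires_at: float


def is_allowed_with_grants(policy, grants, principal, resource, action, now=None):
    """A valid (unexpired) grant allows the request; otherwise the policy decides."""
    now = time.time() if now is None else now
    for g in grants:
        if (g.principal, g.resource, g.action) == (principal, resource, action) \
                and now < g.expires_at:
            return True
    return policy.is_allowed(principal, resource, action)


# Open model: only the known-bad request is denied (constructed sample rules).
OPEN = Policy(default_allow=True, rules={("alice", "/etc/shadow", "read"): False})
# Closed model: only the approved request is allowed.
CLOSED = Policy(default_allow=False, rules={("alice", "/home/alice", "read"): True})


def compare_models(principal, resource, action):
    """Return (open_decision, closed_decision) for one request."""
    return (OPEN.is_allowed(principal, resource, action),
            CLOSED.is_allowed(principal, resource, action))


if __name__ == "__main__":
    # A request nobody anticipated: the open model lets it through, the closed one does not.
    print(compare_models("alice", "/var/log/auth.log", "delete"))   # (True, False)
    grant = TemporaryGrant("alice", "/var/backup", "write", expires_at=time.time() + 60)
    print(is_allowed_with_grants(CLOSED, [grant], "alice", "/var/backup", "write"))  # True
```

The request for an action no rule anticipated is exactly where the two models diverge, and an expired grant falls back to the closed model's deny.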


Halting the Hacker: A Practical Guide to Computer Security (2nd Edition)
ISBN: 0130464163
Year: 2002
Pages: 210