If inappropriate access is gained to databases, changes to critical or sensitive (such as national security and payroll) data can be made only by specific users, by users with permissions specific to the sensitive data, or by using additional knowledge not contained in the database and not derivable from the same validation that granted access, that is, the original password.If inappropriate system access occurs, inappropriate access to databases and system resources is denied, so that even validated users can access only the resources for which they are known to have permission.Inappropriate system access is denied, so that someone requesting access who cannot prove legitimacy cannot act as a user.The design goals of security systems and methods are that, to the greatest extent possible with the resources available, the following objectives be achieved: Whatever the source of the inappropriate action, the ideal scene is for it to fail. Some are teenagers some are competitors some are foreign governments and some are criminals. While databases, applications, operating systems, and communication methods have grown ever more complicated and interwoven, so too has the number and sophistication of attackers. In today's Internet-connected world, security concerns have multiplied beyond every simple solution because the number and complexity of such inappropriate possibilities have multiplied with every new Internet user and business connection. This chapter refers to all such undesired effects as "inappropriate." Security for computer systems means protection for data, processes, and transmissions against unauthorized, accidental, malicious, or otherwise inappropriate access, use, corruption, or misrepresentation. Trade-offs Between Security and Other Business Needs.Attributes Needed for Successful Security.This section provides an overview of Internet security issues. Security Considerations in an Internet Environment.Security Needs in an Internet Environment.This chapter contains the following topics:
For readers whose experience is less extensive, this chapter can provide a framework for understanding the problems that must be confronted and the methods currently in use. For security professionals, the issues and solutions will be familiar. This chapter presents an overview of security requirements in a Web environment. Security Fundamentals in a Web Environment
0 kommentar(er)
