Glossary of some Commonly used terms related to Information System Security
1. Access Control
Meaning : Protection of s system resource against unauthorised access.
Going Further : It is a Process by which use of system resources is regulated according to a security policy and is permitted by only authorized entities, such as user or a programs or other systems. "The prevention of unauthorized use of a resource,
including the prevention of use of a resource in an unauthorized
manner."
Related Links : Access Control List
2. Access Control List ( ACL )
Meaning : A method to implemente Access Control for a system by maintaining a list of System Entities that are permitted to access the resource and stating implicitly or explicitly, the different access modes granted to every entity
Going Further : Most Applications keep ACLs to grant different modes of permission to different users
Related Links : Access Control, Access Control Matrix
3. Access Control Matrix
Meaning : A rectangular array of cells, with one row per subject and one column per object. The entry in a cell -- that is, the entry for a particular subject-object pair -- indicates the access mode that the subject is permitted to exercise on the object. Each column is equivalent to an "access control list" for the object; and each row is equivalent to an "access profile" for the subject.
Related Terms : Access Control, Access Control List ( ACL )
3. Anonymity
Meaning : The condition of an identity being unknown or concealed.
Going Further : An application may require security services that
maintain anonymity of users or other system entities, perhaps to
preserve their privacy or hide them from attack. To hide an
entity's real name, an alias may be used; for example, a financial
institution may assign account numbers. Parties to transactions
can thus remain relatively anonymous, but can also accept the
transactions as legitimate. Real names of the parties cannot be
easily determined by observers of the transactions, but an
authorized third party may be able to map an alias to a real name,
such as by presenting the institution with a court order. In other
applications, anonymous entities may be completely untraceable.
Related Terms : anonymous login
4. Anonymous Login
Meaning : An access control feature that enables users to gain access to general purpose services or resources of a host, without having a pre-established identify specific account ( i.e username and password ) . E.g: Allowing users to transfer data using FTP
Going Further : This feature exposes a system to more threats than when
all the users are known, pre-registered entities that are
individually accountable for their actions. A user logs in using a
special, publicly known user name (e.g., "anonymous", "guest", or
"ftp"). To use the public login name, the user is not required to
know a secret password and may not be required to input anything
at all except the name. In other cases, to complete the normal
sequence of steps in a login protocol, the system may require the
user to input a matching, publicly known password (such as
"anonymous") or may ask the user for an e-mail address or some
other arbitrary character string.
Related Terms : anonymity
No comments:
Post a Comment