This preview shows page 1. Sign up to view the full content.
Unformatted text preview: rnal factors such as fires, floods, earthquakes,
stolen disks/tapes, leaking out of stored information by a person who has access to
the information, and so on. For external security, the commonly used methods
include maintaining adequate backup copies of stored information at places far
away from the original information, using security guards to allow the entry of
only authorized persons into the computer center, allowing the access to sensitive
information to only trusted employees/users, and so on. Internal security, on the
other hand, mainly deals with the following aspects:
1. User authentication. Once a user is allowed physical access to the computer
facility, the user's identification must be checked by the system before the user can
actually use the facility. This requirement is taken care of by user authentication
2. Access control. A computer system contains many resources and several
types of information. Obviously, not all resources and information are meant for
all users. Therefore, even when a user passes the authentication phase and is
allowed to use the computer facility, a way is needed to prohibit the user from
accessing those resources/information that he/she is not authorized to access. This
requirement is taken care of by access control mechanisms.
Cryptography. A third type of internal security is often used to protect
unauthorized access of information that is highly critical in nature. That is, even if
a user somehow manages to gain access to some information that he/she is not
authorized to access, a way is needed to ensure that the user cannot make use of
that information. This requirement is taken care of by cryptography mechanisms.
Below we will discuss about the commonly used mechanisms for providing these
three different types of internal security in computer systems.
User authentication deals with the problem of verifying the identity of a user
(person or program) before permitting access to the requested resource. That is, an
authentication mechanism prohibits the...
View Full Document
This document was uploaded on 04/07/2014.
- Spring '14