Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: rnal factors such as fires, floods, earthquakes, stolen disks/tapes, leaking out of stored information by a person who has access to the information, and so on. For external security, the commonly used methods include maintaining adequate backup copies of stored information at places far away from the original information, using security guards to allow the entry of only authorized persons into the computer center, allowing the access to sensitive information to only trusted employees/users, and so on. Internal security, on the other hand, mainly deals with the following aspects: 1. User authentication. Once a user is allowed physical access to the computer facility, the user's identification must be checked by the system before the user can actually use the facility. This requirement is taken care of by user authentication mechanisms. 2. Access control. A computer system contains many resources and several types of information. Obviously, not all resources and information are meant for all users. Therefore, even when a user passes the authentication phase and is allowed to use the computer facility, a way is needed to prohibit the user from accessing those resources/information that he/she is not authorized to access. This requirement is taken care of by access control mechanisms. 3. Cryptography. A third type of internal security is often used to protect unauthorized access of information that is highly critical in nature. That is, even if a user somehow manages to gain access to some information that he/she is not authorized to access, a way is needed to ensure that the user cannot make use of that information. This requirement is taken care of by cryptography mechanisms. Below we will discuss about the commonly used mechanisms for providing these three different types of internal security in computer systems. User Authentication User authentication deals with the problem of verifying the identity of a user (person or program) before permitting access to the requested resource. That is, an authentication mechanism prohibits the...
View Full Document

This document was uploaded on 04/07/2014.

Ask a homework question - tutors are online