Abstract

This chapter focuses on computer security in the business world distributed systems. Users of traditional time-sharing systems were drawn from a wide range of organizations, and there was a need to prevent them from gaining unauthorized access to one another's files or, to put it more positively, to make sure that any sharing of files and resources was on a controlled basis. The first step in establishing a secure enclave is to control remote log-in. Ideally, this should not be allowed at all. The problem is essentially one of user authentication. To give a high degree of protection, authentication must go beyond simply requiring the applicant to quote a password or use an encryption key. There are various ways in which this can be done. For example, applicants can be required to speak on the telephone to a colleague who knows them well and who can vouch for them. There are many reasons why it is not a sufficient form of authentication for the distant computer to require the simple quotation of a password. Security depends on the integrity of the software in the gateway and it is desirable that this should be loaded through an input device directly connected to the gateway itself. It remains true that there are serious security risks in running any central information system. However, these do not arise primarily because of possible loopholes in the software. They arise because of the danger of human error in selecting the information to be stored and in setting the access controls.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.