User's Manual

Solaris 9 Security CX-310-301 16
Accountability
Accountability is the assignment of responsibility, frequently associated with user accounts on computer
systems. When you, as a user, are given a user account and password, you become accountable
(responsible) for all actions carried out under that account. Shared user accounts that are used by more than one
person undermine accountability: how can you be certain of who did what? Maintaining accountability
is an important aspect of computer security. Companies often implement accountability on the assumption
that “if it’s your user account, you’re responsible”. This means that if you give your password to someone else
and that person causes untold damage, you will be held “accountable”.
Authentication
Authentication is the ability to prove who you are, i.e. your identity. It is not limited to human beings; the
party being authenticated might be a computer program accessing another, remote system. Identity can be
proved in a number of ways:
- By entering a password
- By entering a pass phrase, used in secure communications
- By swiping a smartcard
- By IP address recognition
- By a trusted digital certificate from a trusted agent, such as Verisign.
Authorization
Authorization occurs after authentication and is the check that the user or system possesses the correct
rights to be able to access an asset, such as a data file or database.
Authorizations are provided (and restricted) through any of the following:
- Granting of permissions (chmod)
- Granting and revoking of database privileges
- Adding a user to a group
- Assigning a role to a user
- Using Access Control Lists (ACL)
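The first mechanism in the list, shown as an added example that is not part of the original guide: permission bits set with chmod grant access to the owner and group and revoke it from everyone else, and a small audit reports files that still grant access to "other". It assumes a POSIX shell; the function names and file names are constructed for the demonstration.

```sh
#!/bin/sh
# Added example. Assumes a POSIX shell; file names are constructed.

# Print the nine permission characters of a file, e.g. "rw-r-----".
mode_string() {
    ls -ld "$1" | cut -c2-10
}

# List the entries in directory $1 on which "other" holds any permission.
audit_other() {
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        case "$(mode_string "$f" | cut -c7-9)" in
            ---) ;;                     # nothing granted to other
            *)   echo "${f##*/}" ;;     # some access granted: report it
        esac
    done
}

# Grant owner read/write and group read; revoke everything from other.
restrict_to_group() {
    chmod u=rw,g=r,o= "$1"
}

demo() {
    dir="${TMPDIR:-/tmp}/authz_demo.$$"
    mkdir -m 700 "$dir" || return 1
    : > "$dir/payroll.dat"
    : > "$dir/notes.txt"
    chmod 666 "$dir/payroll.dat"    # weak: mode grants read and write to every user
    chmod 640 "$dir/notes.txt"      # already limited to owner and group
    echo "before: $(audit_other "$dir")"
    restrict_to_group "$dir/payroll.dat"
    echo "after:  $(audit_other "$dir")"
    echo "mode:   $(mode_string "$dir/payroll.dat")"
    rm -rf "$dir"
}

demo
```

After the change, a user who authenticates but is neither the owner nor a member of the file's group is not authorized to open the file.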
Privacy
Privacy is an important aspect of security because it has legal implications. Many countries implement a data
protection act, and it is the responsibility of the holder of the information to protect personal and private
data that might be held, such as credit card information, names and addresses and so on. Privacy normally
relates to sensitive or personal information. The privacy of data can be targeted by a potential attacker for two main reasons: