ICT 301 Lecture Notes - Lecture 13: Discretionary Access Control, Database Security, Access Control
Document Summary
Security goals for a database: detection and prevention of unauthorized disclosure of information; detection and prevention of improper modification of information; detection and prevention of denial-of-access attacks.

Access control regulates authorized access (read and write) to data. Principle of least privilege: each user gets a minimal profile whose privileges are based only on the user's job necessities. Establish limited authorities, i.e. only a few subjects have the ability to modify access rights.

Subject: an active entity that requests access to an object. Examples: a user, a program, or a user at a particular location. Access right: how a subject is allowed to access an object. Example: subject 's' is allowed only to read object 'o'. In the per-subject model, the access rights to the objects are defined for each subject; its drawbacks are complexity and less control for the superadmin. In the role-based model, roles are assigned access rights to objects, and stratified levels allow the management of roles at different granularities.

Understanding how permissions are awarded to users: do not give root users access from any location other than the local computer. These users should use TCP over SSH to connect to the database itself.
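The following is an added example, not part of the lecture notes: a small discretionary access control model that ties together the points above. Subjects are "user@host" (a user at a location), rights come either from roles or from direct grants, only a subject that holds the "grant" right on an object may delegate rights on it (limited authority), and every refused request is recorded so that unauthorized attempts can be detected. All names used (root, alice, bob, sales, localhost, app-server, 10.0.0.5) are constructed for illustration; root is given rights only as root@localhost, so the same account arriving from a remote host is a different subject with no rights.

```python
"""Added example (not from the ICT 301 notes): a discretionary access control
matrix with roles, 'user@host' subjects, delegation limited to holders of the
GRANT right, and a log of denied requests for detection. All users, hosts and
objects are constructed sample values."""

READ, WRITE, GRANT = "read", "write", "grant"


class AccessControl:
    def __init__(self):
        self.role_rights = {}     # role -> {object: set(rights)}
        self.subject_roles = {}   # "user@host" -> set(roles)
        self.direct_rights = {}   # "user@host" -> {object: set(rights)}
        self.denied = []          # (subject, object, right) for every refused request

    @staticmethod
    def subject(user, host):
        # A subject is the user *at* a location: root@localhost and
        # root@10.0.0.5 are distinct subjects with separate rights.
        return f"{user}@{host}"

    def grant_role(self, role, obj, *rights):
        # Roles hold the rights on objects; subjects get rights by being assigned roles.
        self.role_rights.setdefault(role, {}).setdefault(obj, set()).update(rights)

    def assign_role(self, user, host, role):
        self.subject_roles.setdefault(self.subject(user, host), set()).add(role)

    def rights_of(self, subject, obj):
        # Effective rights = direct grants to the subject plus rights of all its roles.
        rights = set(self.direct_rights.get(subject, {}).get(obj, set()))
        for role in self.subject_roles.get(subject, ()):
            rights |= self.role_rights.get(role, {}).get(obj, set())
        return rights

    def check(self, user, host, obj, right):
        # Prevention: refuse anything not explicitly granted.
        # Detection: keep a record of every refused request.
        subject = self.subject(user, host)
        allowed = right in self.rights_of(subject, obj)
        if not allowed:
            self.denied.append((subject, obj, right))
        return allowed

    def grant_direct(self, granter_user, granter_host, user, host, obj, *rights):
        # Limited authority: only a subject holding GRANT on the object may hand out rights on it.
        if not self.check(granter_user, granter_host, obj, GRANT):
            raise PermissionError(
                f"{self.subject(granter_user, granter_host)} may not grant rights on {obj}")
        target = self.subject(user, host)
        self.direct_rights.setdefault(target, {}).setdefault(obj, set()).update(rights)


def build_demo():
    """Constructed sample policy: a full-control dba role, a read-only analyst
    role (least privilege), root usable only from the local machine."""
    ac = AccessControl()
    ac.grant_role("dba", "sales", READ, WRITE, GRANT)
    ac.grant_role("analyst", "sales", READ)
    ac.assign_role("root", "localhost", "dba")      # no entry exists for root@<remote host>
    ac.assign_role("alice", "app-server", "analyst")
    return ac


if __name__ == "__main__":
    ac = build_demo()
    print(ac.check("root", "localhost", "sales", WRITE))    # root on the local machine: allowed
    print(ac.check("root", "10.0.0.5", "sales", READ))      # root from a remote host: refused
    print(ac.check("alice", "app-server", "sales", WRITE))  # analyst role is read-only: refused
    print(ac.denied)                                        # the two refused requests above
```

The denied list is the hook for detection: in a real deployment it would be written to an audit log and watched for repeated refusals, such as a root login attempted from anywhere other than the local machine.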