차이
문서의 선택한 두 판 사이의 차이를 보여줍니다.
양쪽 이전 판이전 판다음 판 | 이전 판 | ||
identification [2013/07/11 06:01] – wiki1122 | identification [2024/04/04 05:12] (현재) – 바깥 편집 127.0.0.1 | ||
---|---|---|---|
줄 1: | 줄 1: | ||
- | ====== | + | * 사업 등 관련 문의: T) 02-322-4688, |
- | (출처 : wikipedia)\\ | + | |
- | In computing, e-Business, | + | ====== |
- | \\ | + | (출처 : http:// |
- | Access to protected information must be restricted to people who are authorized to access the information. The computer programs, and in many cases the computers that process | + | Identification |
- | Identification is an assertion of who someone is or what something is. If a person makes the statement " | + | |
- | Authentication is the act of verifying | + | |
- | There are three different types of information that can be used for authentication: | + | |
- | Something you know: things such as a PIN, a password, or your mother' | + | |
- | Something you have: a driver' | + | |
- | Something you are: biometrics, including palm prints, fingerprints, | + | |
- | Strong authentication requires providing more than one type of authentication information | + | |
- | After a person, program or computer has successfully been identified and authenticated then it must be determined what informational resources they are permitted to access and what actions they will be allowed to perform (run, view, create, delete, or change). This is called authorization. Authorization to access information and other computing services begins with administrative policies and procedures. The policies prescribe what information and computing services can be accessed, by whom, and under what conditions. The access control mechanisms are then configured to enforce these policies. Different computing systems are equipped with different kinds of access control mechanisms—some may even offer a choice of different | + | |
- | The non-discretionary approach consolidates all access control under a centralized administration. The access to information and other resources | + | |
- | Examples of common access control mechanisms in use today include role-based access control available in many advanced database management systems—simple file permissions provided in the UNIX and Windows operating systems, Group Policy Objects provided in Windows network systems, Kerberos, RADIUS, TACACS, and the simple access lists used in many firewalls and routers. | + | |
- | To be effective, policies and other security controls must be enforceable and upheld. Effective policies ensure that people are held accountable for their actions. All failed and successful authentication attempts must be logged, and all access to information must leave some type of audit trail.[citation needed] | + | |
- | Also, need-to-know principle needs to be in affect when talking about access control. Need-to-know principle gives access rights to a person to perform their job functions. This principle is used in the government, when dealing with difference clearances. Even though two employees in different departments have a top-secret clearance, they must have a need-to-know in order for information to be exchanged. Within the need-to-know principle, network administrators grant the employee least amount privileges to prevent employees access and doing more than what they are supposed to. Need-to-know helps to enforce the confidential-integrity-availability (C‑I‑A) triad. Need-to-know directly impacts the confidential area of the triad.\\ | + | |
\\ | \\ | ||
+ | 컴퓨터 보안에서 인증은 로그인 요청 등을 통해 통신 상에서 보내는 사람의 디지털 정체성을 확인하는 시도의 과정이다.(출처 : wikipedia) | ||
+ | |||
* [[: | * [[: | ||
* [[: | * [[: | ||
* [[: | * [[: | ||
* [[: | * [[: | ||
+ | |||
+ | * [[: |