Cyber security and access control
Author: huifan Time: 2020-11-02
The rapid development of computer networks is a double-edged sword. While networks influence and change people's work and lifestyles, their complexity and wide accessibility have also introduced many security issues.
How can we effectively protect system resources from being invaded, stolen and destroyed?
This is where access control plays a major role: it clearly defines and restricts users' access to system resources, keeps illegitimate subjects out of protected network resources, and lets legitimate users access them. It also prevents legitimate users from accessing protected network resources beyond their authorization.
Access control allows or restricts access capabilities by some mechanism, in order to control access to key resources and to prevent intrusion by illegitimate users or damage caused by careless operation by legitimate users.
As a result, the confidentiality and integrity of information resources are protected.
There are two types of access control: discretionary access control and mandatory access control.
Discretionary access control (DAC): A user has the right to access the objects they create, can delegate access rights on those objects to other users, and can withdraw those rights from the users they were granted to.
Mandatory access control (MAC): The system applies unified mandatory control to objects created by users and determines which users can access which objects according to its rules. Access that does not comply with the rules is denied. Even the creator, after creating an object, may not have permission to access it.
The difference between them: under DAC, access rights to data can be controlled independently by the user, while under MAC they are controlled by the system, and the user cannot directly perceive or control them.
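The contrast between the two models, as an added example that is not part of the original article: a DAC object whose owner grants and withdraws rights, and a MAC system where a fixed rule denies even the creator. The class names, users and the clearance-versus-label rule are assumptions chosen for illustration.

```python
# Added illustration; every class, user and rule below is hypothetical.
class DacObject:
    """DAC: the creator owns the object and decides who else may access it."""
    def __init__(self, owner):
        self.owner = owner
        self.acl = {owner}          # the creator has access by default

    def grant(self, actor, user):
        if actor != self.owner:
            raise PermissionError("only the owner may delegate rights")
        self.acl.add(user)

    def revoke(self, actor, user):
        if actor != self.owner:
            raise PermissionError("only the owner may withdraw rights")
        if user != self.owner:
            self.acl.discard(user)

    def can_access(self, user):
        return user in self.acl


class MacSystem:
    """MAC: one system-wide rule decides; users cannot change it.
    Assumed rule: access is allowed only if clearance >= object label."""
    def __init__(self, clearances):
        self._clearances = dict(clearances)   # assigned by the administrator
        self._labels = {}

    def create(self, creator, name, label):
        # The system records the label; creating gives no special rights.
        self._labels[name] = label

    def can_access(self, user, name):
        return self._clearances.get(user, 0) >= self._labels[name]


def demo():
    doc = DacObject("alice")
    doc.grant("alice", "bob")             # owner delegates
    granted = doc.can_access("bob")
    doc.revoke("alice", "bob")            # owner withdraws
    revoked = doc.can_access("bob")
    mac = MacSystem({"alice": 1, "carol": 2})
    mac.create("alice", "report", label=2)
    # alice created "report" but her clearance (1) is below its label (2)
    return granted, revoked, mac.can_access("alice", "report"), mac.can_access("carol", "report")
```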
The main purpose of access control is to maintain the security of the network system and ensure that network resources are not illegally used or accessed abnormally. Its technical implementation generally covers the following aspects:
⑴ Resource access control: This includes file system access control, file attribute access control, and information content access control.
⑵ Access control of network ports and nodes: Nodes and ports in the network often transmit data in encrypted form, and the management of these important locations must guard against attacks by hackers. Visitors who manage or modify data should be required to provide a validator (such as a smart card) that is sufficient to prove their identity.