Information Access Controls
Access control defines the methods used to ensure that users of your network can access only what they’re authorized to access. The process of access control should be spelled out in the organization’s security policies and standards. Several models exist to accomplish this. Regardless of the model you use, a few concepts carry over:
Implicit Denies These are where you specifically lock certain users out. In Unix and Linux, for example, you can choose who can use the at service by configuring either an at.allow or an at.deny file. If you configure the at.allow file, then only those users specifically named can use the service and all others cannot. Conversely, if you configure the at.deny file, then only the users ...
Get CompTIA® Security+™: Study Guide, Fifth Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
