This chapter focuses on authentication on an isolated computer or other system. We identified three different threat levels in Table 6.2. Now we further refine our view of the threats and risks so that we may construct policy statements. We do this by answering the following questions:
■ Is the computer used at home, at business locations, or both?
■ For each environment, are there threats?
■ For each threat, is there a weak or strong motivation?
Because we are protecting an isolated computer, people are threats only if they have direct physical access to the computer. Once they have access, the attacks may use physical, logical, or even social mechanisms. Some attackers might install simple software. The ...