The statement that security mechanisms should default to no access means that if nothing has been specifically configured for an individual or the group she belongs to, that user should not be able to access that resource. If access is not explicitly allowed, it should be implicitly denied. Security is all about being safe, and this is the safest approach to practice when dealing with access control methods and mechanisms. In other words, all access controls should be based on the concept of starting with zero access, and building on top of that. Instead of giving access to everything, and then taking away privileges based on need to know, the better approach is to start with nothing and add privileges based on need to know.
When a security application or device is installed, it should default to “No Access.” This means that when Laurel installs a packet-filter firewall, it should not allow any packets to pass into the network that were not specifically granted access.
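The packet-filter behaviour described above, as an added example that is not part of the original post: a rule evaluator in which only an explicit grant allows a packet, and everything else falls through to an implicit deny. The rule set, addresses and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """One explicit grant: protocol, source network and destination port."""
    proto: str
    src: str    # source network in CIDR notation
    dport: int

# Constructed rule set: only these flows have been specifically granted.
ALLOW_RULES = [
    Rule("tcp", "0.0.0.0/0", 443),      # HTTPS from anywhere
    Rule("tcp", "203.0.113.0/24", 22),  # SSH from one admin network only
]

def filter_packet(proto, src_ip, dport, rules=ALLOW_RULES):
    """Return "ALLOW" only if a rule explicitly grants the packet.

    There is no "deny" rule type: anything that is not granted falls
    through to the final return, which is the implicit deny.
    """
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return "DENY"  # input that cannot be parsed is not granted either
    for rule in rules:
        if (proto == rule.proto and dport == rule.dport
                and addr in ipaddress.ip_network(rule.src)):
            return "ALLOW"
    return "DENY"  # default: no access

def run_samples():
    """Evaluate constructed sample packets against the rule set."""
    samples = [
        ("tcp", "198.51.100.7", 443),  # granted by the HTTPS rule
        ("tcp", "203.0.113.9", 22),    # granted by the SSH rule
        ("tcp", "198.51.100.7", 22),   # SSH from outside the admin network
        ("udp", "198.51.100.7", 161),  # a service nobody configured
    ]
    return [filter_packet(*s) for s in samples]

if __name__ == "__main__":
    print(run_samples())
```

With an empty rule set the same function denies every packet, which is the "start with nothing and add privileges" starting point.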