DCOM Explained
The "big picture" of DCOM architecture for system designers and technical managers.
TABLE OF CONTENTS DCOM Explained
Policy Setting
We have seen what risks there are and how serious those risks can be. How, then, does a company decide what needs to be protected? The answer is that it must task a security administrator to define the company policy. All companies need to have a security policy. The aim of the policy is to list a set of rules that precisely defines:
-
which users or groups of users (who)
-
are allowed access to which applications and data (what)
-
together with the dates, times, days, and so on when they are allowed to access them (when)
-
where they are allowed that access (from where and to where)
-
as well as how they are allowed to do it (equipment, lines, and so on)
For example:
-
All users are allowed to access the Web Server XXX to look at pages A, B, C, D, E, F, G, at any time, from any location.
-
John Smith is allowed access to Web Server XXX to amend pages A, B, C, D, from 9 to 5, Monday to Friday, from Machine XXXX in Building SSS.
-
Alan Jones is allowed to use Payroll Function "Enter Bonus Payments" to access Manchester's Payroll data, Monday to Friday from 8.00 a.m. to 6.00 p.m., from terminal CCCCC in Payroll Room AQSRT.
-
Annie Oakley is allowed to use DBMS ZZZ administrator's utility TTTT to reconfigure, reorganize, and repair Manchester Payroll database, Ealing Payroll Database, Boston Payroll Database, and Chicago payroll database at any time, from Machines X, Y,...
Copyright Butterworth-Heinemann 1998 under license agreement with Books24x7
