Logical Security of ComputerAccess controls (physical and logical security of computer controls) are designed to limit or detect access to computer programs, data, equipment, and facilities in order to protect these resources from unauthorised modification, disclosure, loss, or impairment. These controls are simply referred to as physical (see physical security of computer) and logical controls.By logical security of computer, it means the use of computer hardware and security software programs to prevent or detect unauthorised access by requiring the users to input unique user identifications (IDs), passwords, or other identifiers that are linked to predetermined access privileges. Logical security of computer (i.e the control) is directed at both the authorised and unauthorised users. In short, it performs the following functions:- 1) Logical security of computer prevents or detects unauthorised access . 2) It also restricts the access of a legitimate user to the specific systems, programs, and files they need to perform his/her work.
How does it achieve this? It achieves this by requiring users to supply unique user identifications (ID), passwords, or other identifiers that are to be linked to predetermined access privileges in order to determine the true identity of the user hence it prevents unauthorised users from gaining access to computing resources.
Logical Control - What does the Best Practice say? It has been advocated that logical security should start from the lowest, the OS, and moves up with securing the desktop functions and usability of applications. This will involve the following:
a) Vulnerability Assessment – This involves the assessment of the inherent weaknesses in the Operating Software and taking adequate controls to prevent them either by applying the patches provided by the vendor or applying the known best practice to correct or block the known weakness.
b) Authentication – This is the process used by a computer, computer program, or network to confirm the identity of a user. i) User IDs, also referred to as logins or logons, user names or accounts etc ii) Passwords. These are known as “Shared Secrets”. These are combinations of letters, numbers and special characters but in lower and upper case and at least 6 – 8 characters long that are used to identify the system users. iii) Digital Certificates – This is used to check the integrity of the encryption of the information (including but not limited to user name or user-ID, password) meant to be made confidential to the parties involved. This is value-added authentication. c) Firewalls – Firewalls are hardware devices and software that protect a systems from unauthorised access from either inside or outside to internal resources. d) Intrusion Detection Systems - from outside the organisation or from untrusted systems or users. This should control the any application and infrastructure flows in both directions; and should protect against denial of service attacks. e) Virus Protection – Computer viruses are self-propagating programs that infect other programs. Appropriate virus control program must be put in place. f) Control over confidential and confidential information – Sensitive and confidential information should be encrypted where appropriate.
|
