The system must control applets’ accesses to sensitive system resources, such as the file system, the processor, the network, and internal state variables. But the term “the file system” is very broad, and useful applets usually need some persistent storage. Suggest controls that could be placed on access to the file system. Your answer has to be more specific than “allow all reads” or “disallow all writes.” Your answer should essentially differentiate between what is “security critical” and not or “harmful” and not.
What will be an ideal response?
On the order of a host-?based intrusion detection system, consider what privileges the applet requires: to which resources it should legitimately have access.Consider files to which no or few applets should have access, such as the password file, configuration files, and other security-?critical databases. Consider giving an applet full access to a fenced-?off storage space, but denying the applet direct access to other files: to what resources does the applet need access to be useful?Be sure to distinguish between “need” and “want”: sometimes recoding the applet can allow it to be access fewer resources without limiting its effectiveness.
You might also like to view...
A forest transitive trust enables you to share resources between forests operating at the Windows Server 2003 or higher forest functional level. Users in either forest can be authenticated to and access resources in the other forest if _______________
a. The users have accounts in each forest b. The trust is two-way c. The users are in the Domain Admins group d. The users have roaming profiles
Which of the following protocols operates at the transport layer of the OSI model?
a. FTP b. TCP c. DNS d. IP