costs.
has the time and authority to enforce policies.
different terms:
similar to a highway where all traffic is permitted, except where the signs say "no trucks
allowed." All other traffic flows normally--except the trucks, of course.
similar to backstage passes at major concerts. At the end of the show, people are allowed
to enter the star's dressing room only if their names appear on the security guard's
backstage pass list. All others are explicitly denied entrance to the star's dressing room.
as mobile users, telecommuters, and SOHO users. All of these access users need to be
authenticated somehow--usually by a password. The goal is to keep security as simple as
possible while providing a flexible and secure network.
weaknesses:
attackers, including session hijacking, in which a user monitors traffic between two hosts
and injects traffic as if it were one of the hosts, stealing the session. Because UNIX and
Windows NT servers use TCP/IP, they are vulnerable to these types of attacks. Figure 15-
4 shows a denial-of-service (DoS) attack. With denial of service, an attacker deliberately
overwhelms a server with too many requests or too much data, thereby denying service to
legitimate users. This problem is very hard to solve because the affected system cannot
determine whether the person is a legitimate user or an attacker. Other weaknesses
include: