Stepping stone (computer security)

A stepping stone (StSt) is a type of computer security measure that consists of placing several logical security systems, used as authentication servers, in series to emulate a physical narrow channel, like a path of stones used to cross a river. With this arrangement it is possible to apply granular control over each system acting as a 'stone', establishing as many different risk levels as there are systems in place. For example, if we need to grant a user access to an OpenSSH server to execute an application in a high-security environment, we could put a front-end system such as Sun Solaris with Citrix Metaframe in the first security layer. Behind it sits MS Terminal Services with an SSH client. The third and last layer is a Linux system with an OpenSSH server, which grants access to the final application. Every system could share a common secure logon mechanism such as RSA SecurID, X.509 certificates, challenge/response systems, etc., or use a mixture of them; the choice depends on the risk analysis of the environment in question. This practice reduces usability and is hard to maintain, so it should be implemented only in high-security environments. It can be considered part of the well-known security principle of Security In-Depth, applied in this case to access control: it adds logical barriers and trenches composed of diverse authentication systems.
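The serial arrangement only holds if nobody reaches a later stone without crossing the earlier ones, so the following added example (not part of the original article) audits logon records for the three-layer chain described above. The host names, the per-layer logon methods, the event format and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Stones in crossing order (hypothetical host names for the three layers in the text).
CHAIN = ["citrix-frontend", "ts-middle", "openssh-final"]
# Assumed policy: the only peer each stone accepts, and the logon method it requires.
ALLOWED_SOURCE = {"citrix-frontend": "external",
                  "ts-middle": "citrix-frontend",
                  "openssh-final": "ts-middle"}
REQUIRED_AUTH = {"citrix-frontend": "otp", "ts-middle": "x509", "openssh-final": "x509"}

# Constructed sample events in time order: (user, host, source, auth_method, success)
EVENTS = [
    ("alice", "citrix-frontend", "external", "otp", True),
    ("alice", "ts-middle", "citrix-frontend", "x509", True),
    ("alice", "openssh-final", "ts-middle", "x509", True),
    ("bob", "openssh-final", "external", "x509", True),
    ("carol", "citrix-frontend", "external", "otp", True),
    ("carol", "ts-middle", "citrix-frontend", "password", True),
    ("carol", "openssh-final", "ts-middle", "x509", True),
    ("dave", "citrix-frontend", "external", "otp", False),
]

def audit(events):
    """Return (user, host, reason) for every successful logon that broke the chain."""
    crossed = defaultdict(set)   # user -> stones crossed in compliance with policy
    findings = []
    for user, host, source, method, success in events:
        if not success or host not in CHAIN:
            continue             # failed logons and unrelated hosts are out of scope
        position = CHAIN.index(host)
        if source != ALLOWED_SOURCE[host]:
            findings.append((user, host, "unexpected source"))
        elif method != REQUIRED_AUTH[host]:
            findings.append((user, host, "wrong auth method"))
        elif position > 0 and CHAIN[position - 1] not in crossed[user]:
            findings.append((user, host, "previous stone not crossed"))
        else:
            crossed[user].add(host)
    return findings

if __name__ == "__main__":
    for finding in audit(EVENTS):
        print(finding)
```

A stone crossed with the wrong logon method does not count as crossed, which is why the later logon by the same user is also reported.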


Wikimedia Foundation. 2010.
