After a system is designed, identifying its failure modes helps a designer evaluate the probability of element failure and recognize the links that are more essential to the security of the entire system. In a system that requires high assurance, it is essential to eradicate or at least strengthen such single points of failure. Various solutions are available to address the perimeter defense of a network at its boundaries, but the highest threat of unauthorized access and information fraud remains with the internal network at the access level (Scott & Sharp, 2002).
Access control is the mechanism that identifies and controls who can and cannot access a network, an application, a resource, or particular data. As the IT Security Officer, I will first consider the access that will be granted to the other users and then design strategies to make sure that only the desired users actually have access. It is an essential concept and forms the basis of a safe and secure Web application.
It is possible to provide security for a web application by giving users rights and privileges. These privileges dictate who can and cannot have access to the application (Curphey & Arawo, 2006). For example, when using a web server that shares an application, I can configure the server to allow particular users access to the shared resources. The Administrator account, for example, can grant access to every aspect of the Web application while other users have limited access.
In the strictest terms, access control is a general way of controlling access to a specific resource. Access can be granted or denied depending on various criteria, including the network address of the client, the Web browser in use, the time of day, and other general limitations. In addition, I will ensure network access is controlled through arbitrary conditions that may or may not have anything to do with the attributes of a specific visitor.
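The criteria named above (client network address, browser, time of day) and the split between the Administrator account and limited users can be combined into one default-deny check. The following Python is an added example, not part of the original essay; the rule fields, role names, paths and address ranges are constructed for illustration, and request paths are assumed to be normalized already.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    role: str               # privilege level the rule applies to
    path_prefix: str        # part of the application the rule covers
    networks: tuple         # client networks allowed, as CIDR strings
    start: time             # window start (inclusive)
    end: time               # window end (exclusive); start == end means all day
    agent_substr: str = ""  # required User-Agent substring; "" accepts any

# Constructed sample policy: administrators reach everything from the internal
# range at any hour; ordinary users reach only /shared/ during working hours.
POLICY = (
    Rule("administrator", "/", ("10.0.0.0/8",), time(0, 0), time(0, 0)),
    Rule("user", "/shared/", ("10.0.0.0/8", "192.168.1.0/24"),
         time(8, 0), time(18, 0)),
)

def in_window(now, start, end):
    """True if `now` falls inside the allowed time-of-day window."""
    if start == end:
        return True                      # equal bounds: no time restriction
    if start < end:
        return start <= now < end
    return now >= start or now < end     # window wraps past midnight

def is_allowed(role, path, client_ip, now, user_agent="", policy=POLICY):
    """Default deny: grant only if one rule matches on every criterion."""
    try:
        addr = ip_address(client_ip)
    except ValueError:
        return False                     # malformed address never matches
    for rule in policy:
        if rule.role != role or not path.startswith(rule.path_prefix):
            continue
        if not any(addr in ip_network(net) for net in rule.networks):
            continue
        if not in_window(now, rule.start, rule.end):
            continue
        # User-Agent is client-supplied, so it only narrows a rule that the
        # other criteria already satisfy; it is never sufficient on its own.
        if rule.agent_substr and rule.agent_substr not in user_agent:
            continue
        return True
    return False                         # nothing matched: deny
```

Because a request is denied unless a rule matches, adding a new role or path grants nothing until a rule for it is written.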
References
Curphey, M., & Arawo, R. (2006). Web application security assessment tools. IEEE Security & Privacy, 4(4), 32-41.
Scott, D., & Sharp, R. (2002, May). Abstracting application-level web security. In Proceedings of the 11th international conference on World Wide Web (pp. 396-407). ACM.