
Policy Enforcement Point

Classification Key: Perimeter Security


Attackers reach a system through the processes that communicate with outsiders. If the number of processes communicating with the outside environment grows large, it becomes very difficult to maintain security, because an attack can come through many points of access. Attacks can also come from authenticated users, so their access policy has to be defined and enforced explicitly. How can you define an architecture that enforces access control?


Channel all outside communication through one point of the system. At that point, apply identification, authorization, and other security mechanisms, driven by defined security policies. Encapsulate the algorithm for the company’s security policy inside a component.
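
The structure described above, sketched as an added example (not code from the catalog, Postfix, or PAM): one entry point identifies the caller, asks an encapsulated policy component for a decision, and only then reaches an internal handler. The names RolePolicy and PolicyEnforcementPoint, the accounts, the tokens, and the rules are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample accounts: user -> (role, SHA-256 digest of a demo token).
USERS = {
    "alice": ("admin", hashlib.sha256(b"alice-token").hexdigest()),
    "bob": ("clerk", hashlib.sha256(b"bob-token").hexdigest()),
}

class RolePolicy:
    """The encapsulated policy algorithm; replace this component to change policy."""
    RULES = {"admin": {"read", "write"}, "clerk": {"read"}}

    def permits(self, role, action):
        return action in self.RULES.get(role, set())

class PolicyEnforcementPoint:
    """The one entry point; internal handlers are reachable only through handle()."""
    def __init__(self, policy, handlers):
        self._policy = policy
        self._handlers = handlers
        self.audit = []  # every decision is recorded, allowed or not

    def _identify(self, user, token):
        role, digest = USERS.get(user, (None, ""))
        supplied = hashlib.sha256(token.encode()).hexdigest()
        # Constant-time comparison; unknown users fail the same way as bad tokens.
        return role if hmac.compare_digest(digest, supplied) else None

    def handle(self, user, token, action, resource):
        role = self._identify(user, token)
        if role is None:
            reason = "unauthenticated"
        elif action not in self._handlers:
            reason = "unknown-action"
        elif not self._policy.permits(role, action):
            reason = "policy-denied"  # authenticated, but not authorized
        else:
            reason = "permitted"
        self.audit.append((user, action, resource, reason))
        result = self._handlers[action](resource) if reason == "permitted" else None
        return reason, result

# Constructed handlers standing in for the internal processes behind the PEP.
pep = PolicyEnforcementPoint(RolePolicy(), {
    "read": lambda r: f"contents of {r}",
    "write": lambda r: f"updated {r}",
})
```

Because the decision lives in RolePolicy, changing the policy does not touch the enforcement code, and the audit list gives one place to review every allow and deny.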

Known Uses

Policy enforcement in the smtpd process of Postfix. Pluggable Authentication Module (PAM).

Related Patterns

Role Based Access Control, Policy, Single Access Point


Wiley Book


Access Control, Policy


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz