Policy Enforcement Point: Perimeter Security
Attackers reach a system through the processes that communicate with outsiders. If the number of processes communicating with the outside environment grows large, it becomes very difficult to maintain security, because an attack can come through any of these points of access. Attacks can also come from authenticated users, so their access policy has to be defined and enforced explicitly.
How can you define an architecture that enforces access control?
Channel all outside communication through one point of the system. At that point, apply identification, authorization, and other security mechanisms by defining security policies. Encapsulate the algorithm for the company’s security policy inside a component.
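A minimal sketch of the solution above, added here as an example and not taken from Postfix, PAM or the catalog: every outside request passes through one EnforcementPoint, which identifies the caller and then asks a separate RolePolicy component for the decision. All class names, tokens, roles and handlers are hypothetical, constructed sample values.

```python
# Added example; Request, RolePolicy, EnforcementPoint and all sample data are hypothetical.
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    token: str      # credential presented by the outside caller
    action: str
    resource: str

class RolePolicy:
    """Encapsulates the access policy; replaceable without touching the enforcement point."""
    def __init__(self, grants):
        self._grants = grants  # role -> set of (action, resource)
    def permits(self, role, action, resource):
        # Default deny: unknown roles and unlisted pairs are refused.
        return (action, resource) in self._grants.get(role, set())

class EnforcementPoint:
    """The single point through which every outside request must pass."""
    def __init__(self, tokens, policy, handlers):
        self._tokens = tokens      # token -> (user, role)
        self._policy = policy
        self._handlers = handlers  # internal services, never exposed directly
        self.audit = []            # (user, action, resource, status) per decision
    def _identify(self, presented):
        found = None
        for token, principal in self._tokens.items():
            # Constant-time comparison; scan every entry before answering.
            if hmac.compare_digest(token.encode(), presented.encode()):
                found = principal
        return found
    def _decide(self, user, req, status, body=None):
        self.audit.append((user, req.action, req.resource, status))
        return status, body
    def handle(self, req):
        principal = self._identify(req.token)
        if principal is None:
            return self._decide(None, req, 401)
        user, role = principal
        handler = self._handlers.get((req.action, req.resource))
        # Authenticated callers are still checked against the policy.
        if handler is None or not self._policy.permits(role, req.action, req.resource):
            return self._decide(user, req, 403)
        return self._decide(user, req, 200, handler(user))

def build_demo():
    # Constructed sample data: two users, two roles, two internal operations.
    policy = RolePolicy({"admin": {("read", "queue"), ("flush", "queue")}, "user": {("read", "queue")}})
    tokens = {"tok-alice": ("alice", "admin"), "tok-bob": ("bob", "user")}
    handlers = {("read", "queue"): lambda u: f"queue listing for {u}", ("flush", "queue"): lambda u: "queue flushed"}
    return EnforcementPoint(tokens, policy, handlers)
```

The audit list records denied and unauthenticated attempts as well as allowed ones, so the same component that enforces the policy also gives one place to review who tried what.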
Policy enforcement at the smtpd process in Postfix. Pluggable Authentication Module (PAM).
Role Based Access Control, Policy, Single Access Point
Access Control, Policy
Last modified: May 05, 2012
Maintained by: Munawar Hafiz