Policy Enforcement Point
Classification Key
Perimeter Security
Problem
Malicious attackers attack a system through the processes that communicate with outsiders. If the number of processes communicating with the outside environment grows large, security becomes very difficult to maintain because an attack can come through many points of access. Attacks can also come from authenticated users, so their access policy has to be defined and enforced explicitly.
How can you define an architecture that enforces access control?
Solution
Channel all outside communication through one point of the system. At that point, apply identification, authorization, and other security mechanisms according to defined security policies. Encapsulate the algorithm for the company’s security policy inside a component.
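A minimal sketch of this structure, added here as an illustration and not taken from the source book, Postfix, or PAM. All names (Request, RolePolicy, PolicyEnforcementPoint, build_demo_pep) and the sample policy are hypothetical; identification is assumed to have happened upstream and is represented by the principal field.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Optional, Set, Tuple

@dataclass(frozen=True)
class Request:
    principal: Optional[str]      # None means identification failed
    roles: FrozenSet[str]
    action: str
    resource: str

class RolePolicy:
    """The policy algorithm, encapsulated in one component. Default deny."""
    def __init__(self, allowed: Set[Tuple[str, str, str]]):
        self._allowed = allowed   # (role, action, resource) triples

    def decide(self, req: Request) -> bool:
        return any((r, req.action, req.resource) in self._allowed for r in req.roles)

class PolicyEnforcementPoint:
    """The only entry point for outside requests; handlers are not exposed."""
    def __init__(self, policy: RolePolicy, handlers: Dict[str, Callable[[Request], str]]):
        self._policy, self._handlers = policy, handlers
        self.audit = []           # (decision, principal, action, resource, reason)

    def handle(self, req: Request) -> Tuple[int, str]:
        if req.principal is None:
            return self._deny(req, "unidentified")
        if not self._policy.decide(req):   # also stops authenticated users
            return self._deny(req, "not authorized")
        handler = self._handlers.get(req.action)
        if handler is None:
            return self._deny(req, "unknown action")
        self.audit.append(("allow", req.principal, req.action, req.resource, ""))
        return 200, handler(req)

    def _deny(self, req: Request, reason: str) -> Tuple[int, str]:
        self.audit.append(("deny", req.principal, req.action, req.resource, reason))
        return 403, reason

def build_demo_pep() -> PolicyEnforcementPoint:
    # Constructed sample policy and handlers.
    policy = RolePolicy({("clerk", "read", "reports"), ("admin", "delete", "reports")})
    handlers = {"read": lambda r: "contents of " + r.resource,
                "delete": lambda r: "deleted " + r.resource}
    return PolicyEnforcementPoint(policy, handlers)

if __name__ == "__main__":
    pep = build_demo_pep()
    print(pep.handle(Request("alice", frozenset({"clerk"}), "delete", "reports")))
```

Swapping RolePolicy for another object with a decide method changes the policy without touching the enforcement point or the handlers.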
Known Uses
Policy enforcement at the smtpd process in Postfix. Pluggable Authentication Modules (PAM).
Related Patterns
Role Based Access Control, Policy, Single Access Point
Source
Wiley Book
Tags
Access Control, Policy