



Policy Enforcement Point


Classification Key: Perimeter Security

Problem

Attackers reach a system through the processes that communicate with outsiders. If the number of processes communicating with the outside environment grows large, security becomes very difficult to maintain because an attack can come through many points of access. Attacks can also come from authenticated users, so their access policy has to be defined and enforced explicitly. How can you define an architecture that enforces access control?

Solution

Channel all outside communication through one point of the system. At that point, define security policies and enforce them with identification, authorization, and other security mechanisms. Encapsulate the algorithm for the company’s security policy inside a component.
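
The solution above as an added example (not code from this catalog or the book it cites): a single entry point identifies the caller, asks an encapsulated policy component for a decision, and only then calls internal code. The token table, role names, resources and the audit list are constructed assumptions for illustration.

```python
import hmac

class RolePolicy:
    """The security policy, encapsulated in one replaceable component."""
    def __init__(self, grants):
        self._grants = grants            # role -> set of (action, resource)

    def permits(self, role, action, resource):
        # Default deny: anything not granted explicitly is refused.
        return (action, resource) in self._grants.get(role, set())

class PolicyEnforcementPoint:
    """The single point that all outside requests pass through."""
    def __init__(self, tokens, policy, handlers):
        self._tokens = tokens            # token -> (user, role)
        self._policy = policy
        self._handlers = handlers        # (action, resource) -> internal function
        self.audit = []                  # one record per decision

    def _identify(self, token):
        # Identification: constant-time comparison against each known token.
        for known, principal in self._tokens.items():
            if hmac.compare_digest(known.encode(), token.encode()):
                return principal
        return None

    def handle(self, token, action, resource):
        principal = self._identify(token)
        if principal is None:
            return self._record("anonymous", action, resource, 401, None)
        user, role = principal
        handler = self._handlers.get((action, resource))
        if handler is None or not self._policy.permits(role, action, resource):
            return self._record(user, action, resource, 403, None)
        return self._record(user, action, resource, 200, handler(user))

    def _record(self, user, action, resource, status, body):
        self.audit.append((user, action, resource, status))
        return status, body

# Constructed sample data: tokens, roles and resources are made up.
POLICY = RolePolicy({"hr": {("read", "payroll")}, "staff": {("read", "handbook")}})
PEP = PolicyEnforcementPoint(
    tokens={"tok-alice": ("alice", "hr"), "tok-bob": ("bob", "staff")},
    policy=POLICY,
    handlers={("read", "payroll"): lambda u: "payroll for " + u,
              ("read", "handbook"): lambda u: "handbook for " + u},
)
```

Calling `PEP.handle("tok-bob", "read", "payroll")` shows the case the problem statement raises: an authenticated user is still refused because the policy grants that role nothing on the resource.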

Known Uses

Policy enforcement at the smtpd process in Postfix. Pluggable Authentication Modules (PAM).

Related Patterns

Role Based Access Control, Policy, Single Access Point

Source

Wiley Book

Tags

Access Control, Policy


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz