70 likes | 160 Views
Priority between clause rules. Usecase. Wiki. Cisco Usr. Sales Usr. HTTP Hi-Scan. (HTTP| FTP) -> Low-Scan. Problem: Priority among Rules. Subject: HI_Sec_HTTP. Filter: HTTP Action: Hi-Scan.
E N D
Usecase Wiki Cisco Usr Sales Usr HTTP Hi-Scan (HTTP| FTP) -> Low-Scan
Problem: Priority among Rules Subject: HI_Sec_HTTP Filter: HTTP Action: Hi-Scan Problem: If Sales guy is accessing FTP he would match R1 that will deny him access. He should match R2. Subject: Low_Sec_HTTP Filter: HTTP Action: Low-Scan Subject: Low_Sec_FTP Wiki Cisco Usr Filter: FTP Action: Low-Scan Sales Usr Clause: R1: Sales->Wiki: Subject: Hi_sec_HTTP R2: Cisco ->Wiki: Subject: Low_sec_HTTPSubject: Low_sec_FTP
Usecase: 2 level Priority resolution with clause rules matching port ranges Possible solution Subject: HI_Scan Action: Hi-Scan Subject: Low Scan Wiki Cisco Usr Action: Low-Scan Sales Usr Clauses: R1: Sales, -> Wiki, (HTTP | FTP) Subject: Hi_scan R2: Cisco ->Wiki, (HTTP | FTP|SSH): Subject: Low-scan Contract wide
Usecase: Solution with contract Hierarchy Subject: HI_Sec_HTTP Filter: HTTP Action: Hi-Scan Solves it. Clauses: (First-match) R1: Sales->Wiki: Subject: Hi_Sec_HTTP Contract Restricted Subject: Low_Sec_HTTP Wiki Filter: HTTP Action: Low-Scan Cisco Usr Sales Usr Subject: Low_Sec_FTP Filter: FTP Action: Low-Scan Clauses: (First-match) R2: Cisco ->Wiki: Subject: Low_sec_HTTPSubject: Low_sec_FTP Contract wide
Usecase: 3 level Priority resolution with contract Hierarchy Subject: HI_Hi_Sec_HTTP Filter: HTTP Action: Hi-Hi-Scan Clauses: R1: Sales & Outside ->Wiki: Subject: Hi-Hi-scan_HTTP Problem: For each such conflict I am forced to create hierarchy. It is getting complex Contract Further Restricted Subject: HI_Sec_FTP Filter: HTTP Action: Hi-Scan Subject: HI_Sec_HTTP Filter: HTTP Action: Hi-Scan Wiki Clauses: (First-match) R1: Sales->Wiki: Subject: Hi_sec_HTTP Subject: Hi_sec_FTP Cisco Usr Sales Usr Sales Usr Enemy Nation Contract Restricted Subject: Lo_Sec_HTTP Filter: HTTP Action: Lo-Scan Subject: Lo_Sec_FTP Subject: Lo_Sec_SSH Filter: FTP Action: Lo-Scan Filter: SSH Action: Lo-Scan Clauses: (First-match) R2: Cisco ->Wiki: Subject: Low_sec_HTTPSubject: Low_sec_FTP Subject: Low_sec_SSH Contract wide
Usecase: 3 level Priority resolution with clause rules matching port ranges Possible solution Subject: Hi_Hi_scan Action: Hi-Hi-Scan Subject: HI_Scan Action: Hi-Scan Subject: Low Scan Wiki Cisco Usr Action: Low-Scan Sales Usr Sales Usrat Enemy Nation Clauses: R0: Sales, Enemy Nation -> Wiki, HTTP Subject: Hi_Hi_scan R1: Sales, -> Wiki, (HTTP | FTP) Subject: Hi_scan R2: Cisco ->Wiki, (HTTP | FTP|SSH): Subject: Low-scan Contract wide