![[first slide]](../icons/info.gif){kind=icon}
|
Security Policy Enforcement at Application & OS layer vs. Network layer (2/2) | ![[previous slide]](../icons/prev.gif){kind=icon}
|
![[next slide]](../icons/next.gif){kind=icon}
|
|
| Application & OS layer | Network layer |
|---|---|
| Difficult to get coherent | Coherent by design |
| High cost | Medium cost |
|
Static policy enforcement: Access granted when opening the files, the socket or launching programs. If access changes, access is still granted. |
Dynamic policy enforcement: Access granted in realtime along the time including access revocation. If access changes, existing sessions are stopped. |
| Will be able to move to X.509 certificates | Will be able to move to X.509 certificates |
| Apply first your security at the Network Layer |
® © Hervé Schauer Consultants December 1999 -
142, rue de Rivoli -
F-75001 Paris -
France Phone: +33 141 409 700 - Fax: +33 141 409 709 - Email: <secretariat@hsc.fr> |
- Page 43 - |