Most network security systems operate by allowing selective use of services based on registration and/or subscriptions. An Access Control List (ACL) is the usual means by which access to, and denial of, services are controlled, by associating the services available with the hosts (users) permitted to use the service. An ACL also specifies, using control expressions, what access privileges users have to a respective service. For example, the ACL for use of a directory may specify the right to lookup, insert, delete, read, write, lock, or administer the files in the directory. The ACLs are attached to network objects such as services, servers, sub-networks, etc.
In general, there are two traditional models for setting access policies for resources, namely a “one-size-fits-all” approach, in which all resources are governed by the same access policy, and a “by-resource” approach, in which each resource is governed by a separate policy. The first approach is advantageous for a network manager, but it does not function well in a complex networking environment since different resources may have different access needs. The second approach is advantageous for the resources, because they can have individual policies applied to them depending on their specific requirements, but disadvantageous for the network administrator who cannot easily administer access policies for the network as a whole.
There are many other issues to be addressed by any access control scheme. For example, there may be multiple levels of network administration and administrators within the network, all of which must be synchronized to ensure that there is a consistent policy over the network as a whole. In addition, access authorizations to portions of a shared resource can be unique to each host, or many hosts may have identical groups or combinations of authorizations. Also, it is possible that a certain number of hosts will have similar privileges on the same resources.
Currently, the access control policies are configured manually, and the access of hosts to particular resources is implemented by an administrator. As the number of shared resources and of resource users increases, generation and management of access authorizations, particularly when the network topology changes, becomes a very complex task. The process of manually editing entries in an extensive list is time consuming and is also subject to errors, often denying access to authorized users for an extended period of time, or, conversely, permitting access for an extended period of time after a desired termination of access authorization, while the changes are implemented. As well, errors such as failure to delete obsolete access authorizations tend to accumulate over time and compromise the security of the system.
Access control schemes evolved with a view to making the administrator's task easier. For example, it is known to group resources with similar policies, based on types of accessing users, types of objects (resources), and organization structures. However, policies for different groups of resources and users cannot easily be related to one another, and they also tend to diverge over time, even in their common aspects. Furthermore, if the general policy for the entire network needs to be modified, the group policies must be individually changed. Therefore, while this approach achieves an intermediate level of granularity as compared to the one-size-fits-all and by-resource approaches, it is still not optimal.
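The two failure modes described above, obsolete authorizations that accumulate under manual editing and group policies that drift away from the network-wide policy, can be audited mechanically. The following is an added illustration, not code from the source; it models per-object ACLs with the directory privileges named earlier and uses constructed host, object and group names.

```python
from dataclasses import dataclass, field

# Privilege vocabulary taken from the directory example in the text.
PRIVILEGES = frozenset({"lookup", "insert", "delete", "read", "write", "lock", "administer"})


@dataclass
class Acl:
    """ACL attached to one network object (directory, server, ...): host -> privileges."""
    entries: dict = field(default_factory=dict)

    def grant(self, host: str, *privs: str) -> None:
        unknown = set(privs) - PRIVILEGES
        if unknown:
            raise ValueError(f"unknown privileges: {sorted(unknown)}")
        self.entries.setdefault(host, set()).update(privs)

    def allows(self, host: str, priv: str) -> bool:
        return priv in self.entries.get(host, set())  # default deny


def obsolete_entries(acls: dict, live_hosts: set) -> list:
    """(object, host) pairs whose host is no longer in the inventory: the stale
    authorizations that accumulate when entries are deleted by hand."""
    return sorted((obj, host) for obj, acl in acls.items()
                  for host in acl.entries if host not in live_hosts)


def group_drift(group_policies: dict, baseline: dict) -> dict:
    """Privileges each group policy grants beyond the network-wide baseline.
    group_policies: group -> {user_type: privs}; baseline: user_type -> privs.
    Only excess grants are reported, since those widen access silently."""
    drift = {}
    for group, policy in group_policies.items():
        for user_type, privs in policy.items():
            extra = privs - baseline.get(user_type, set())
            if extra:
                drift.setdefault(group, {})[user_type] = sorted(extra)
    return drift


if __name__ == "__main__":
    # Constructed sample data; host and object names are hypothetical.
    acls = {"dir:/projects": Acl(), "srv:mail": Acl()}
    acls["dir:/projects"].grant("host-a", "lookup", "read")
    acls["dir:/projects"].grant("host-old", "administer")  # host since decommissioned
    acls["srv:mail"].grant("host-b", "read", "write")
    print(obsolete_entries(acls, {"host-a", "host-b"}))   # [('dir:/projects', 'host-old')]
    baseline = {"staff": {"lookup", "read"}, "guest": {"lookup"}}
    groups = {"finance": {"staff": {"lookup", "read", "write"}}, "lab": {"guest": {"lookup", "read"}}}
    print(group_drift(groups, baseline))  # {'finance': {'staff': ['write']}, 'lab': {'guest': ['read']}}
```

Running both checks against the host inventory and the baseline policy on every change turns the "accumulate over time" problem into a list that can be reviewed the same day.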
There is a need for a system that provides a central view of the network security configuration concerning the filtering rules in the network. There is also a need for a system that allows end-to-end configuration of the ACLs, from the definition of the flows between the network servers to the deployment of the rules on the servers or like devices, with monitoring of the flows. As well, there is a need for an improved system for controlling access to network servers or like devices, especially in the Internet/intranet networking arena.