Description
Logical access control within NIH is provided at the network, operating system, and application level.
- Network Access Control. Network access controls can be provided by a variety of mechanisms, alone or in combination. However, the primary method of providing network access control in an enterprise environment is a firewall. Gartner predicts that by 1Q04 more than 50 percent of Fortune 1000 enterprises will have distributed firewalls internally.
- System Access Control. Access control can also be provided by the client or server operating system. Host access control can also be provided at the operating system level by third-party products designed to enhance an operating system's native access control facilities.
- Application Access Control. Application access control can be provided either by the underlying Database Management System (DBMS) or by the application itself.
- Content Filtering. Access control can also be based on content or sites. The motivation to block certain content or sites is driven by the NIH acceptable use policy.
Brick Information

Tactical (0-2 years)
- Retirement (To be eliminated): no entries
- Baseline (Today):
  - Firewalls
    - BorderManager
    - Checkpoint
    - Cisco PIX
    - Enterasys
    - Gauntlet
    - Lucent
    - Netscreen
  - Other Network Access Control
    - MAC Address ACLs
    - Network Address Translation
    - VLAN
    - Router Access Control Lists
    - SSID
    - Domain Blocking
    - VPN
    - IP Tables
    - Repository
  - System Access Control
    - SAMBA
    - IBM Host Access Class Library
    - Pelican
    - TCP/IP Wrappers
    - Sudo
    - Okena Stormwatch
    - Citrix CSG
  - Application Access Control
    - Role-based Access Control
    - DBMS
  - Content Filtering

Strategic (2-5 years)
- Containment (No new development):
  - Gauntlet (Application proxy requirements only)
  - Lucent
  - IP Chains
- Emerging (To track):
  - Host Based Firewall
  - Intrusion Prevention
Comments
Time Table
- This architecture definition was approved on: July 18, 2003
- The next review is scheduled in: TBD