This module defines the Zone class.
Zones are the basis of access control. A zone consists of a set of IP addresses, address ranges, or subnets. For example, a zone can contain an IPv4 or IPv6 subnet.
Zones are organized into a hierarchy created by the administrator. Child zones inherit the security attributes (set of permitted services etc.) from their parents. The administrative hierarchy often reflects the organization of the company, with zones assigned to the different departments.
When it has to be determined what zone a client belongs to, the most specific zone containing the searched IP address is selected. If an IP address belongs to two different zones, the most specific zone is selected.
Example 5.45. Finding IP networks
Suppose there are three zones configured:
This approach is used in the service definitions as well: when a client sends a connection request, the most specific zone containing the IP address of the client is looked up. Suppose that the clients in
© 2021 BalaSys IT Security.