Presentation is loading. Please wait.

Presentation is loading. Please wait.

Priority between clause rules. Wiki Cisco Usr Sales Usr Sales Usr HTTP Hi-Scan (HTTP| FTP) -> Low-Scan.

Published byIzaiah Borden Modified over 9 years ago

Similar presentations

Presentation on theme: "Priority between clause rules. Wiki Cisco Usr Sales Usr Sales Usr HTTP Hi-Scan (HTTP| FTP) -> Low-Scan."— Presentation transcript:

1 Priority between clause rules

2 Wiki Cisco Usr Sales Usr Sales Usr HTTP Hi-Scan (HTTP| FTP) -> Low-Scan

3 Wiki Cisco Usr Sales Usr Sales Usr Subject: HI_Sec_HTTP Clause: R1: Sales->Wiki: Subject: Hi_sec_HTTP R2: Cisco ->Wiki: Subject: Low_sec_HTTP Subject: Low_sec_FTP Clause: R1: Sales->Wiki: Subject: Hi_sec_HTTP R2: Cisco ->Wiki: Subject: Low_sec_HTTP Subject: Low_sec_FTP Filter: HTTP Action: Hi-Scan Filter: HTTP Action: Hi-Scan Subject: Low_Sec_HTTP Filter: HTTP Action: Low-Scan Filter: HTTP Action: Low-Scan Subject: Low_Sec_FTP Filter: FTP Action: Low-Scan Filter: FTP Action: Low-Scan Problem: If Sales guy is accessing FTP he would match R1 that will deny him access. He should match R2.

4 Wiki Cisco Usr Sales Usr Sales Usr Clauses: R1: Sales, -> Wiki, (HTTP | FTP) Subject: Hi_scan R2: Cisco ->Wiki, (HTTP | FTP|SSH): Subject: Low-scan Clauses: R1: Sales, -> Wiki, (HTTP | FTP) Subject: Hi_scan R2: Cisco ->Wiki, (HTTP | FTP|SSH): Subject: Low-scan Subject: Low Scan Action: Low-Scan Contract wide Subject: HI_Scan Action: Hi-Scan Possible solution

5 Wiki Cisco Usr Sales Usr Sales Usr Clauses: (First-match) R2: Cisco ->Wiki: Subject: Low_sec_HTTP Subject: Low_sec_FTP Clauses: (First-match) R2: Cisco ->Wiki: Subject: Low_sec_HTTP Subject: Low_sec_FTP Subject: Low_Sec_HTTP Filter: HTTP Action: Low-Scan Filter: HTTP Action: Low-Scan Subject: Low_Sec_FTP Filter: FTP Action: Low-Scan Filter: FTP Action: Low-Scan Subject: HI_Sec_HTTP Clauses: (First-match) R1: Sales->Wiki: Subject: Hi_Sec_HTTP Clauses: (First-match) R1: Sales->Wiki: Subject: Hi_Sec_HTTP Filter: HTTP Action: Hi-Scan Filter: HTTP Action: Hi-Scan Contract wide Contract Restricted Solves it.

6 Wiki Cisco Usr Sales Usr Sales Usr Clauses: (First-match) R2: Cisco ->Wiki: Subject: Low_sec_HTTP Subject: Low_sec_FTP Subject: Low_sec_SSH Clauses: (First-match) R2: Cisco ->Wiki: Subject: Low_sec_HTTP Subject: Low_sec_FTP Subject: Low_sec_SSH Subject: Lo_Sec_HTTP Filter: HTTP Action: Lo-Scan Filter: HTTP Action: Lo-Scan Subject: Lo_Sec_FTP Filter: FTP Action: Lo-Scan Filter: FTP Action: Lo-Scan Subject: HI_Sec_HTTP Clauses: (First-match) R1: Sales->Wiki: Subject: Hi_sec_HTTP Subject: Hi_sec_FTP Clauses: (First-match) R1: Sales->Wiki: Subject: Hi_sec_HTTP Subject: Hi_sec_FTP Filter: HTTP Action: Hi-Scan Filter: HTTP Action: Hi-Scan Contract wide Contract Restricted Sales Usr Enemy Nation Sales Usr Enemy Nation Contract Further Restricted Subject: HI_Hi_Sec_HTTP Clauses: R1: Sales & Outside ->Wiki: Subject: Hi-Hi-scan_HTTP Clauses: R1: Sales & Outside ->Wiki: Subject: Hi-Hi-scan_HTTP Filter: HTTP Action: Hi-Hi-Scan Filter: HTTP Action: Hi-Hi-Scan Subject: HI_Sec_FTP Filter: HTTP Action: Hi-Scan Filter: HTTP Action: Hi-Scan Subject: Lo_Sec_SSH Filter: SSH Action: Lo-Scan Filter: SSH Action: Lo-Scan Problem: For each such conflict I am forced to create hierarchy. It is getting complex

7 Wiki Cisco Usr Sales Usr Sales Usr Clauses: R0: Sales, Enemy Nation -> Wiki, HTTP Subject: Hi_Hi_scan R1: Sales, -> Wiki, (HTTP | FTP) Subject: Hi_scan R2: Cisco ->Wiki, (HTTP | FTP|SSH): Subject: Low-scan Clauses: R0: Sales, Enemy Nation -> Wiki, HTTP Subject: Hi_Hi_scan R1: Sales, -> Wiki, (HTTP | FTP) Subject: Hi_scan R2: Cisco ->Wiki, (HTTP | FTP|SSH): Subject: Low-scan Subject: Low Scan Action: Low-Scan Contract wide Sales Usr at Enemy Nation Sales Usr at Enemy Nation Subject: Hi_Hi_scan Action: Hi-Hi-Scan Subject: HI_Scan Action: Hi-Scan Possible solution

Download ppt "Priority between clause rules. Wiki Cisco Usr Sales Usr Sales Usr HTTP Hi-Scan (HTTP| FTP) -> Low-Scan."

Similar presentations

A Randomized Polynomial- Time Simplex Algorithm for Linear Programming CS3150 Course Presentation.

A Randomized Polynomial- Time Simplex Algorithm for Linear Programming CS3150 Course Presentation.
Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved. Knowledge Nugget Become an ACL Wizard – Advanced ACL Editing Bogdan Doinea.

Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved. Knowledge Nugget Become an ACL Wizard – Advanced ACL Editing Bogdan Doinea.
Who vs. Whom and Incomplete Construction

Who vs. Whom and Incomplete Construction
NCAR National Center for Atmospheric Research 1 Security At NCAR Pete Siemsen National Center for Atmospheric Research November 22, 1999.

NCAR National Center for Atmospheric Research 1 Security At NCAR Pete Siemsen National Center for Atmospheric Research November 22, 1999.
Providing secure open- access networks Oliver Gorwits Oxford University Computing Services.

Providing secure open- access networks Oliver Gorwits Oxford University Computing Services.
Minimum Spanning Network: Brute Force Solution 34 43 49 53 59 67 71 75 77 83.

Minimum Spanning Network: Brute Force Solution
Technical Question Technical Question

Technical Question Technical Question
Aggregation, Prefix-tree, TCP EE122 Discussion 10/10/2011.

Aggregation, Prefix-tree, TCP EE122 Discussion 10/10/2011.
Solving Rational Equations A Rational Equation is an equation that contains one or more rational expressions. The following are rational equations:

Solving Rational Equations A Rational Equation is an equation that contains one or more rational expressions. The following are rational equations:
Unit 30 Subject Relative Clauses (Adjective Clauses with Subject Relative Pronouns)

Unit 30 Subject Relative Clauses (Adjective Clauses with Subject Relative Pronouns)
Policy Usecases Sanjay Agrawal, Hari Sankar June 2014.

Policy Usecases Sanjay Agrawal, Hari Sankar June 2014.
1 Figure 5-4: Drivers of Performance Requirements: Traffic Volume and Complexity of Filtering Performance Requirements Traffic Volume (Packets per Second)

1 Figure 5-4: Drivers of Performance Requirements: Traffic Volume and Complexity of Filtering Performance Requirements Traffic Volume (Packets per Second)
Access Control Lists Written by Bill Reed 03/11/05.

Access Control Lists Written by Bill Reed 03/11/05.
Access Control List ACL. Access Control List ACL.

Access Control List ACL. Access Control List ACL.
Wikipedia Knowledge Extraction.  Pronoun Resolution module  Infobox extraction  SRL parsing  Improved refinement  Clustering  Hadoop compatibility.

Wikipedia Knowledge Extraction.  Pronoun Resolution module  Infobox extraction  SRL parsing  Improved refinement  Clustering  Hadoop compatibility.
1 © 2004 Cisco Systems, Inc. All rights reserved. CCNA 2 v3.1 Module 11 Access Control Lists (ACLs)

1 © 2004 Cisco Systems, Inc. All rights reserved. CCNA 2 v3.1 Module 11 Access Control Lists (ACLs)
Firewalls. Intro to Firewalls Basically a firewall is a __________to keep destructive forces away from your ________ ____________.

Firewalls. Intro to Firewalls Basically a firewall is a __________to keep destructive forces away from your ________ ____________.
Access Control List (ACL)

Access Control List (ACL)
Firewalling With Netfilter/Iptables. What Is Netfilter/Iptables? Improved successor to ipchains available in linux kernel 2.4/2.6. Netfilter is a set.

Firewalling With Netfilter/Iptables. What Is Netfilter/Iptables? Improved successor to ipchains available in linux kernel 2.4/2.6. Netfilter is a set.
Policy Usecases May 2014. © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2 1. Prestaged Policies 1.Multi-tier Cloud Access.

Policy Usecases May © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2 1. Prestaged Policies 1.Multi-tier Cloud Access.

Similar presentations

Ads by Google