Defining access control rules

To protect hosts and resources, SES Evolution makes it possible to control access to the registry base, files, processes, networks, volumes, devices and Wi-Fi access points. To do so, create security rule sets that will allow you to control access to these resources and build a security policy.

For every rule, you can define:

  • How all applications behave by default with the resource targeted in the rule,
  • Specific behavior for certain applications.

For more information on application behavior, refer to Using default behavior and specific behavior in rules.

The sequence of rules in a policy matters: as soon as a rule matches a packet, the rules placed after it are not necessarily read. The most specific rules must therefore be placed before more general rules. For more information on the sequence of rules, refer to Organizing rules and rule sets in a policy.
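The first-match ordering described above, together with the default and specific behaviors a rule carries, as an added example that is not SES Evolution code: a minimal Python evaluator (assumed glob-style resource patterns and the behavior names "allow" and "block" are illustrative), with a check that flags rules shadowed by an earlier, broader one.

```python
# Added example (not SES Evolution code): a first-match evaluator modelling how
# an ordered rule set resolves an access request. A rule has a resource
# pattern (assumption: glob syntax), a default behavior applied to all
# applications and optional specific behaviors for named applications.
from dataclasses import dataclass, field
from fnmatch import fnmatchcase


@dataclass
class Rule:
    resource: str                  # glob over the targeted resource path
    default: str                   # behavior for every other application
    specific: dict = field(default_factory=dict)  # application -> behavior


def evaluate(rules, app, resource, fallback="allow"):
    """Walk the rules in order; the first resource match decides.

    Returns (behavior, index): index is the matching rule, or None when
    nothing matched and the fallback applies."""
    for idx, rule in enumerate(rules):
        if fnmatchcase(resource, rule.resource):
            return rule.specific.get(app, rule.default), idx
    return fallback, None


def shadowed(rules):
    """Indices of rules that can never fire because an earlier, broader
    pattern already covers their whole pattern (conservative check: the
    later pattern text must itself match the earlier glob)."""
    hidden = []
    for j, later in enumerate(rules):
        if any(fnmatchcase(later.resource, rules[i].resource) for i in range(j)):
            hidden.append(j)
    return hidden


# Constructed sample: a specific rule for a secrets folder and a general rule.
SPECIFIC = Rule(r"C:\Data\Secrets\*", default="block",
                specific={"backup.exe": "allow"})
GENERAL = Rule(r"C:\Data\*", default="allow")

GOOD_ORDER = [SPECIFIC, GENERAL]   # specific first, as the documentation advises
BAD_ORDER = [GENERAL, SPECIFIC]    # general first: the secrets rule is shadowed

if __name__ == "__main__":
    for name, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        action, idx = evaluate(rules, "notepad.exe", r"C:\Data\Secrets\key.txt")
        print(f"{name}: notepad.exe -> {action} (rule {idx}), shadowed={shadowed(rules)}")
```

Running the block shows the same request resolved to block in the good order and to allow in the bad order, where `shadowed` reports the specific rule as unreachable.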

Access control rules can be created in the Security > Policies menu in the console, under the Application, ACL resources, Networks and Devices tabs in rule sets.

Most access control rules function in the same way:

  • In the left section of the rule, define the resources that you want the rule to cover,
  • In the right section, define the actors in the rule (specific behavior) and grant or deny them access privileges to the targeted resources. The actions available differ by rule type and by whether the rule belongs to a protection rule set or an audit rule set. In audit rule sets, each action can be set to either Allow or Audit.

In both cases, resources and actors are represented by identifiers, which must be created beforehand or, for some rule types, can be created directly in the rule. For more information, refer to the section Creating identifiers.

Security rules can be disabled at any time. For more information, refer to the section Disabling security rules.