Control SuspendUnauthenticClientAccess
URI: SuspendUnauthenticClientAccess
Package: ProcessComms
Description: Signifies that access to a service in a specific client role may be temporarily disabled if the client's means of authentication is compromised, i.e. the policy allowing access to a service in that client role may be dynamically switched on or off. This represents a contingency plan which will compromise availability, to an extent based on the likelihood of the attack. This control governs access rights for a specific client to a specific service, and so applies to the inferred Client-Service Relationship asset representing their mutual trust.
Represents a trust relationship between a Client and a Service. Exists where the two communicate directly, or where the Service may need to know the identity of the Client.
Access to service Service by client Client may be automatically disabled to prevent authenticated attacks by impersonated clients, at the cost of some reduction in availability. This strategy represents a contingency plan, which can be used to reduce risk from some threats but it also triggers other threats representing possible side effects, depending on how likely it is that the contingency plan will need to be activated.
CSG-AutoSuspendUnauthenticClientAccess-Implementation-Runtime
Access to service Service by client Client has been automatically disabled to prevent authenticated attacks by impersonated clients. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. Activation at runtime requires Service to be managed by a suitable adaptation framework. The Disable Client Access control should be deselected if and when access by Client to Service has been enabled once again.
Access to service Service by client Client may be temporarily disabled by its manager ServiceManager to prevent authenticated attacks by impersonated clients, at the cost of some reduction in availability. This strategy represents a contingency plan, which can be used to reduce risk from some threats but it also triggers other threats representing possible side effects, depending on how likely it is that the contingency plan will need to be activated.
Access to service Service by client Client is disabled by the process manager ServiceManager to prevent authenticated attacks by impersonated clients. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. To activate it at runtime, signal the process manager ServiceManager. The Disable Client Access control should be deselected if and when access by Client to Service has been enabled once again.