Welcome to Bucaro TecHelp!

Bucaro TecHelp
HTTPS Encryption not required because no account numbers or
personal information is ever requested or accepted by this site

About Bucaro TecHelp About BTH User Agreement User Agreement Privacy Policy Privacy Site Map Site Map Contact Bucaro TecHelp Contact RSS News Feeds News Feeds

Difference Between Rule and Role Based Access Control

Access control is the method used to block or allow access to a network or network resources. Two types of access control are rule-based and role-based. These methods are used by firewalls, proxy servers, and routers. The difference between rule-based and role-based access control is described below.

Rule-Based Access Control (RuBAC)

With rule-based access control, when a request is made for access to a network or network resource, the controlling device, e.g. firewall, checks properties of the request against a set of rules. A rule might be to block an IP address, or a range of IP addresses. A rule might be to allow access to an IP address but block that IP address from use of a specific port, for example port 21 commonly used for FTP, or port 23 commonly used for Telnet. A rule might be to block a specific IP address, or block all IP addresses from accessing certain applications on the network, such as email or video steaming.

Role-Based Access Control (RoBAC)

With role-based access control, when a request is made for access to a network or network resource, the controlling device allows or blocks access to a network or network resource based on that user's role in the organization. For example, an individual with the engineer role in an organization might be allowed access to the specifications of parts used in the company's product, but blocked access to employee records. An individual with the supervisor role might be allowed access to employee records, but blocked access to engineering documents and specifications.

Rule and Role Based Acronyms

In this article I used the acronym RuBAC for rule-based access control and the acronym RoBAC for role-based access control, however in many references the acronym RBAC is used for rule-based access control, or RBAC is used for is used for both access control methods.

More Network Security Articles:
• What is Penetration Testing?
• How Snort's Stealth TCP Port Scanning Works
• Are You Meeting ISO 27000 Standards for Information Security Management?
• Avoid Hacks by Rogue Wireless Devices
• Firewall Perimeter Network (DMZ)
• Data Encryption
• Implementing a Secure Password Policy
• Network User Authentication
• Methods to Combat Distributed Denial of Service (DDoS) Attacks
• ARP, MAC, Poisoning, and WiFi Security

RSS Feed RSS Feed

Follow Stephen Bucaro Follow @Stephen Bucaro

Computer Networking Sections

Fire HD
[Site User Agreement] [Privacy Policy] [Site map] [Search This Site] [Contact Form]
Copyright©2001-2024 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268