Adding objects can be done by selecting the CS-SZ Router object and then clicking on the right arrow appearing. This will present a list of connectable objects to the Router object.
When clicking on the left arrow, you will see a list of already existing and connected objects. In this case, the ClientZone, AdminZone and the ServerZone network objects.
These arrows are only shown when you can add an object on the current canvas. This means that if you open an object to see what other objects are in it, these arrows for adding additional objects will not be available. A more complete description on this is found in the Program Features module describing Object Views.
Select AccessControl and then Firewall.
Adding Objects to a Router
We also see that when we added a Firewall object to our Router object, a mini-icon appears on the Router object. This doesn’t happen when adding the AccessControl to it. The reason for this is that a Router is assumed to have an AccessControl (even though it is not mandatory) while a Router does not necessarily have a Firewall connected to it. Firewalls provide more modeling and architectural information to the model than access controls do.
As with the Router object, we need to add a UserAccount object to the AccessControl object. Select AccessControl, click on the right hand arrow and select UserAccount.
Next, click on the AccessControl and then the right-bound arrow to add a UserAccount to it.
When adding a UserAccount object to an AccessControl object, we will be prompted for which type of connection to use, root or non-root authorization;
Since the access control and the corresponding user account in this case represents the administration of the router settings, including the firewall rule set, please choose the Root Authorization option.
When adding an AccessControl object, it is always good practice to also add a UserAccount connected with the Root Authorization type of connection. This is to represent that it is possible to for instance add new user accounts or edit existing user accounts and settings. Regular user accounts shall have the Non-Root Authorization type of connection and are optional.
When building different models and performing attack analysis, you will later on see that getting hold of a root user account is much more useful to the attacker than a regular user account, even if such a user account is also useful for performing further attacks.
Updated 11 months ago