"In this video, John Martinez demonstrates how this policy restricts access to production resources to business hours. 👉 What exactly does this policy do? This policy helps protect from anomalous behavior by restricting connections to production resources to occur only during business hours. When the time window is shifted, the connection is denied. The policy can be enhanced by adding MFA and admin approval, and additional contextual attributes. 👉 Why it matters A common anomalous behavior pattern is connecting to critical resources outside of normal hours. This can be due to external or internal threats, where behavior deviates from normal usage patterns, where users or attackers establish command and control (C2) channels, perform lateral movements, or execute malicious actions."
This policy restricts access to production resources to only during business hours. In this case, weekdays between eight and 5:00 PM local time.
I have several resources already approved for authorization. I'm gonna establish a session by logging in and SS hing to this SSH resource.
Access is permitted because I'm within the time of day of the policy.
I'm gonna log out, modify the policy to take me outside of the allotted business hours from 11 to 5:00 PM.
Retet a connection, and my session is denied.
