Enclave Boundary Defense

An enclave is a part of a network created to provide restricted access, and the enclave boundary is the point where an enclave's network connects to another network. Security measures and authenticators are implemented to defend an enclave boundary. According to Gravicom (2002):

Defense of the enclave boundary is focused on effective control and monitoring of data flow into and out of the enclave. Effective control measures include firewalls, guards, virtual private networks (VPNs), and identification and authentication (I&A)/access control for remote users. Effective monitoring mechanisms include network-based intrusion detection systems (IDSs), vulnerability scanners, and virus detectors located on the LAN [local area network].

Although the main purpose of enclave boundary defense is to protect the enclave by restricting access from outside, it also controls access from the inside to the outside.

References

Gravicom. (2002). Defend the enclave boundary/external connections. http://gravicom.us/downloads/docs/IATF/ch06.pdf