Systrace allows administrators to define which system calls their applications can execute. It’s included in OpenBSD and ports exist for other operating systems. Increasingly hosts must defend themselves as access control is becoming difficult if not impossible. Organizations are unwilling or unable to segment their networks, as most can’t even define the relative importance of their business assets. The future of security is every machine being a bastion host, as every machine is becoming a bastioned host, writes Ars Ars Arsene Wenger.”]
Source: https://taosecurity.blogspot.com/2003/08/systrace-policy-library-while-reading.html