User Guide

OmniAccess SafeGuard OS Administration Guide
Chapter 7: Establishing a Security Policy
Policy Precedence
Multiple user policies can be assigned to a role. When a user policy is applied to a role, it
too can have a precedence. Precedence numbers can be in the range of 1 to 65535, where 1
has the highest precedence and 65535 the lowest. Policy precedence comes before rule
precedence. Figure 9 shows an example of policy precedence.
Figure 9 Policy and Filter Precedence
Designing a Policy Workflow
A policy workflow is simply an approach to planning, organizing, and implementing a
policy management strategy. Before configuring your rules, roles and policies, it is
helpful to do some ground work.
1 Determine your corporate philosophy on security.
There are two schools of thought on how to execute a policy system. One method
creates a wall where all users are initially denied access. You then punch holes, or
exceptions, into the wall. The other method is to allow everything through and
then to block specific network resources and applications.
SafeGuard OS is best suited for the latter approach, as it optimizes the number of
rules required to enforce a specific access policy. The default condition for
SafeGuard OS is to assume that everyone and everything can go through.

Table 27 Policy Precedence Ranges within a Role

Policy Type              Precedence range
Malware policies         0
Override user policies   1–9
System policies          Starts with 10 and increments by 10
EPV-System policies      Not Applicable
User policies            User Defined

[Figure 9: user role technician, with policy A at precedence 110 and policy B at precedence 210. The figure also shows filter f1 with precedence 2100 and filter f1 with precedence 1100. Policy A is applied before policy B. Filter precedence is applied after policy precedence.]
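
The ordering in Figure 9 and the allow-by-default condition described in step 1 can be checked with a small model. This is an added Python example, not SafeGuard OS code or CLI syntax; which filter belongs to which policy, the `dst_port` match field, the actions, and first-match evaluation are all assumptions made for the illustration.

```python
# Added illustration: a toy model, not SafeGuard OS code or CLI syntax.
from dataclasses import dataclass, field


@dataclass
class Filter:
    name: str
    precedence: int   # lower number = higher precedence
    dst_port: int     # hypothetical match field
    action: str       # "allow" or "deny" (assumed action names)


@dataclass
class Policy:
    name: str
    precedence: int   # lower number = higher precedence
    filters: list = field(default_factory=list)


def evaluation_order(policies):
    """Flatten a role's policies into (policy, filter) pairs in evaluation order.

    Policy precedence is compared first; filter precedence only orders
    the filters inside a single policy.
    """
    ordered = []
    for pol in sorted(policies, key=lambda p: p.precedence):
        for flt in sorted(pol.filters, key=lambda f: f.precedence):
            ordered.append((pol.name, flt.name, flt.precedence))
    return ordered


def decide(policies, dst_port, default="allow"):
    """Assumed first-match evaluation; unmatched traffic gets the default.

    default="allow" models the allow-everything starting condition.
    """
    for pol in sorted(policies, key=lambda p: p.precedence):
        for flt in sorted(pol.filters, key=lambda f: f.precedence):
            if flt.dst_port == dst_port:
                return flt.action, pol.name
    return default, None


# Constructed role "technician" using the precedence values shown in Figure 9.
# The filter-to-policy attachment, ports and actions are assumptions.
TECHNICIAN = [
    Policy("B", 210, [Filter("f1", 1100, 23, "allow")]),
    Policy("A", 110, [Filter("f1", 2100, 23, "deny")]),
]
```

In this model the filter with precedence 2100 is consulted before the one with precedence 1100, because policy A (110) outranks policy B (210), so a filter's number alone does not tell you when it is evaluated.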