User Guide

OmniVista SafeGuard Manager Administration Guide
Chapter 5: Device Configuration
Designing a Policy Workflow
A policy workflow is simply an approach to planning, organizing, and implementing a
policy management strategy. Before configuring your rules, roles and policies, it is
helpful to do some ground work.
1 Determine your corporate security philosophy.
There are two schools of thought on how to execute a policy system. One method
creates a wall where all users are initially denied access. You then punch holes, or
exceptions, into the wall. The other method is to allow everything through and
then to block specific network resources and applications.
2 Using your existing corporate security plan and documents for organizing your
role hierarchy, organize your users, servers, and other resources into logical
groups.
As mentioned before, users are organized by role. But you can also organize
resources into network zones, which are collections of nodes and network
segments. A network zone is an easy way to take all of the resources for a group
and name that entity. For example, you can define a network zone for the
servers for the Finance organization or for the resources that you want to give
unauthenticated users. For more information on defining network zones, see
Network Zones.
3 Determine what applications and what files you want to monitor or block.
4 Define the list of permissions (rules) based on the access criteria. For more
information, see Defining Policies.
5 Order the filters within each role by precedence. For more information on roles
and role hierarchy, see Roles.
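The workflow above can be sketched as a small model. This is an added example, not part of the guide and not OmniVista SafeGuard Manager code: it compares the two default stances from step 1, resolves network zones as in step 2, and shows why the filter order in step 5 matters. The zone names, addresses, rule sets and the first-match-wins evaluation are assumptions made for illustration.

```python
import ipaddress

# Constructed network zones (named groups of nodes and segments).
ZONES = {
    "finance-servers": ["10.20.0.0/24", "10.20.5.10/32"],
    "guest-resources": ["192.0.2.80/32"],
}

def in_zone(zone, addr):
    """True if addr falls inside any segment or node of the named zone."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in ZONES[zone])

def evaluate(rules, default, addr, app):
    """Return (action, matched_rule_index). Rules are checked in order of
    precedence and the first match wins (assumed semantics); if nothing
    matches, the default stance applies and the index is None."""
    for i, (zone, rule_app, action) in enumerate(rules):
        if in_zone(zone, addr) and rule_app in (app, "*"):
            return action, i
    return default, None

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule on the
    same zone already matches every application they match."""
    seen, dead = {}, []
    for i, (zone, app, _) in enumerate(rules):
        if "*" in seen.get(zone, set()) or app in seen.get(zone, set()):
            dead.append(i)
        seen.setdefault(zone, set()).add(app)
    return dead

# Role "finance" under the wall approach: deny all, then punch holes.
FINANCE_WALL = [
    ("finance-servers", "ssh", "deny"),     # specific block first
    ("finance-servers", "*", "allow"),      # then the broad exception
]
# Same filters in the wrong order: the broad allow shadows the ssh block.
FINANCE_MISORDERED = [FINANCE_WALL[1], FINANCE_WALL[0]]
# Role "guest" under the allow-everything approach: block specific items.
GUEST_OPEN = [("finance-servers", "*", "deny")]

if __name__ == "__main__":
    for name, rules, default in [("wall", FINANCE_WALL, "deny"),
                                 ("misordered", FINANCE_MISORDERED, "deny"),
                                 ("open", GUEST_OPEN, "allow")]:
        for addr, app in [("10.20.0.7", "ssh"), ("10.99.1.1", "http")]:
            print(name, addr, app, evaluate(rules, default, addr, app))
        print(name, "shadowed rules:", shadowed(rules))
```

A resource that belongs to no zone (10.99.1.1 here) is blocked under the wall approach and reachable under the allow-everything approach, which is the practical difference between the two philosophies when a resource is missed during planning.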
Defining Policies
A policy is a set of rules that define a set of permissions for the user. For each policy you
define:
1 Select the type of policy definition you want to create (User, Malware, EPV, or
User Override).
2 Assign the policy a name.
3 Add a description for the policy (optional).
4 Add a severity for the policy (optional).
5 Add a category for the policy (optional).
6 Configure the rules, which consist of filters and actions. For more
information on application filters, see Application Filters.