Security Solutions
2-6
Customer Needs Assessment
Types of Users
In the example, the Berlin_developers group might need to be subdivided
based on the projects to which workgroups are assigned. For example, if the
company manufactured household appliances, the Berlin_developers group
might include workgroups such as:
■ Small appliances workgroup
■ Kitchen appliances workgroup
■ Laundry appliances workgroup
■ Cleaning appliances workgroup
By defining groups based on their network access needs, you can set up access
control policies more efficiently.
To protect the company’s proprietary information—including patents and new
products—the company might want to restrict each workgroup to a limited
set of network resources. For example, the small appliances workgroup
should not be able to access the resources dedicated to the kitchen appliances
workgroup.
Temporary Employees
Temporary workers are typically less-trusted users, whose network access
must be carefully managed. Because temporary employees often require
different access controls than regular employees, you should place them in a
separate group and limit their access to a few network resources. You may
also want to restrict login times to working hours only.
Ideally, you would also configure temporary user accounts with an expiration
date that coincides with the period the employee is contracted to work for the
company. If the length of the work assignment is not known, you might want
to configure the account to expire periodically so that the temporary
employee’s manager must renew it to keep it active.
Guests
Guests represent another group with special access needs. Typically, these
users should be able to access only limited network resources. For example,
they may need only Internet access and basic print services. The network
access policy for these users should grant them this limited access but prevent
them from accessing other network resources such as company servers.