Two Approaches to Security


When you're planning how to implement security on your network, first consider which of two basic approaches to security you'll take:

  • An open-door type of security, in which you grant everyone access to everything by default and then place restrictions just on those resources to which you want to limit access.

  • A closed-door type of security, in which you begin by denying access to everything and then grant specific users access to the specific resources that they need.

In most cases, the open-door policy is easier to implement. Typically, only a small portion of the data on a network really needs security, such as confidential employee records, or secrets, such as the Coke recipe. The rest of the information on a network can be safely made available to everyone who can access the network.

If you choose the closed-door approach, you set up each user so that he or she has access to nothing. Then, you grant each user access only to those specific files or folders that he or she needs.

The closed-door approach results in tighter security but can lead to the Cone of Silence Syndrome: Like Max and the Chief who can't hear each other talk while they're under the Cone of Silence, your network users will constantly complain that they can't access the information that they need. As a result, you'll find yourself often adjusting users' access rights. Choose the closed-door approach only if your network contains a lot of sensitive information, and only if you're willing to invest time administrating your network's security policy.

Tip 

You can think of the open-door approach as an entitlement model, in which the basic assumption is that users are entitled to network access. In contrast, the closed-door policy is a permissions model, in which the basic assumption is that users aren't entitled to anything but must get permissions for every network resource that they access.




Networking For Dummies
Networking For Dummies
ISBN: 0470534052
EAN: 2147483647
Year: 2004
Pages: 254
Authors: Doug Lowe

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net