There are a number of permutations and possibilities made simpler and easier to administrate using these features together. Staff might have access to applications to communicate with colleagues in real time while students might be denied social networking access to get them from being distracted from their studies (Application Control). Staff will be allowed to transmit certain data under certain circumstances while students cannot transmit that type of data at all (DLP). Staff will be allow access to websites that children are not (Web Filter). Staff and students are going to have significantly different permissions and restrictions associated with them. A good example of this would a school environment. To refine the application of Security Profiles even further you can use the Profile Group in combination with Identity based policies and User Groups so that depending upon which User group a person belongs to that can be assigned a common set of Security profiles. It makes Security Profiles administration much simpler to implement, simpler to administrate and simpler to remember what Security Profiles features are being assigned to policies. If changes need to be make, rather than going into each policy to make individual changes you only have to make changes to the group and the changes automatically propagate through to all of the policies that are using the Profile Group. This can be very convenient in an environment that has a large number of policies because instead of deciding each time you make a policy which Security profiles are going to be used you can have a small selection of Profile groups and every policy is assigned one of those groups. You assign a selection of Security profiles to the Group and assign the group to a policy. This works much the same way as an address group or a service group. One of the options when adding Security profiles to policies is the use of the Profile Groups feature.
0 Comments
Leave a Reply. |