Remote Access Control Policy for Richman Investments
The remote access policy is set to "Grant remote access permission" and the connection attempt matches the policy conditions. I would enforce the explicit deny policy, where the remote access policy is set to "Deny remote access permission" and the connection attempt matches the policy conditions. I would also implement the implicit deny policy, in case the connection attempt does not match any remote access policy conditions.
After implementing several security policies, I would create an SSL VPN network. This is a form of VPN that can be used with a standard Web browser. In contrast to the traditional Internet Protocol Security (IPsec) VPN, an SSL VPN does not require the installation of specialized client software on the end user's computer. It is used to give remote users access to Web applications, client/server applications and internal network connections.
Every Richman employee must meet the policy conditions, which are matched against the properties of the connection attempt made by the remote access client. There can be one or more remote access conditions applied to a single remote access policy. More importantly, every employee must also meet the remote access permissions. If all the conditions for a remote access policy are met, then remote access permission is either granted or denied. Remote access permission can be controlled via the remote access policy, or via the properties of the caller's user account.
There are two types of systems to choose from: Discretionary Access Control (DAC) and Mandatory Access Control (MAC). The Richman system will be a MAC remote access system. Under Mandatory Access Control, the owner will be able to make the decision as to who will have access. The system evaluates the subject according to the terms of the Bell-LaPadula confidentiality model. By comparison, Discretionary Access Control (DAC) is a means of restricting access to objects based on the identity of subjects and groups.
The owner decides who gets in, and changes permissions as needed. I feel more confident if the permissions are set by, and only by, the owner.
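The grant, explicit deny and implicit deny outcomes described above can be modelled as a small policy evaluator. This is an added example, not part of the original policy document. The group names, the sample attempts, the first-match ordering and the three account settings ("allow", "deny", "policy") are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    name: str
    conditions: list  # predicates over the connection attempt; ALL must hold
    grant: bool       # True = "Grant remote access permission", False = "Deny"

def evaluate(policies, attempt, account_setting="policy"):
    """Return (decision, reason) for one connection attempt.

    account_setting models the caller's user account property (assumed
    values): "allow", "deny", or "policy" (defer to the matching policy).
    """
    # Assumption: policies are ordered and the first full match decides.
    match = next((p for p in policies
                  if all(cond(attempt) for cond in p.conditions)), None)
    if match is None:
        # Nothing matched, so nothing granted access: implicit deny.
        return ("deny", "implicit deny: no policy matched")
    if account_setting == "deny":
        return ("deny", "explicit deny: user account")
    if account_setting == "allow":
        return ("allow", "explicit allow: user account")
    if match.grant:
        return ("allow", "explicit allow: " + match.name)
    return ("deny", "explicit deny: " + match.name)

# Constructed sample policies; group and tunnel names are hypothetical.
POLICIES = [
    Policy("block-contractors",
           [lambda a: "Contractors" in a["groups"]], grant=False),
    Policy("staff-ssl-vpn",
           [lambda a: "RI-Staff" in a["groups"],
            lambda a: a["tunnel"] == "ssl-vpn"], grant=True),
]

# Constructed sample connection attempts.
STAFF = {"groups": {"RI-Staff"}, "tunnel": "ssl-vpn"}
MIXED = {"groups": {"RI-Staff", "Contractors"}, "tunnel": "ssl-vpn"}
STAFF_IPSEC = {"groups": {"RI-Staff"}, "tunnel": "ipsec"}

if __name__ == "__main__":
    for label, attempt in [("staff", STAFF), ("mixed", MIXED),
                           ("staff over ipsec", STAFF_IPSEC)]:
        print(label, "->", evaluate(POLICIES, attempt))
```

Placing the deny policy first is what makes the mixed-membership attempt fail; with the order reversed, the same attempt would match the grant policy.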
Authorization
Richman Investments must define rules as to who has access to which computer and network resources. My suggestion is that RI implement either a group membership policy or an authority-level policy to achieve this. Group policy would allow the administrator to assign different privileges to different groups. The admin would then assign individual users to those groups. So the user's permissions would depend on the permissions of the