Two Approaches to Network Security
When you’re planning how to implement security on your network, you should first consider which of two basic approaches to security you will take:
An open-door type of security, in which you grant everyone access to everything by default and then place restrictions just on those resources to which you want to limit access.
A closed-door type of security, in which you begin by denying access to everything and then grant specific users access to the specific resources that they need.
In most cases, the open-door policy is easier to implement. Typically, only a small portion of the data on a network really needs security, such as confidential employee records or secrets such as the Coke recipe. The rest of the information on a network can be safely made available to everyone who can access the network.
If you choose the closed-door approach, you set up each user so that he or she has access to nothing. Then, you grant each user access only to those specific files or folders that he or she needs.
The closed-door approach results in tighter security, but can lead to the Cone of Silence Syndrome: Like Max and the Chief, who can’t hear each other talk while they’re under the Cone of Silence, your network users will constantly complain that they can’t access the information that they need.
As a result, you’ll find yourself frequently adjusting users’ access rights. Choose the closed-door approach only if your network contains a lot of information that is very sensitive, and only if you’re willing to invest time administering your network’s security policy.
You can think of the open-door approach as an entitlement model, in which the basic assumption is that users are entitled to network access. In contrast, the closed-door policy is a permissions model, in which the basic assumption is that users aren’t entitled to anything but must get permission for every network resource that they access.
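The two models side by side, as an added example that is not part of the original text: the Policy class, user names and resource paths are constructed for illustration. The same rule table is evaluated under each default, which shows where the approaches diverge: on resources nobody has written a rule for.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    """Constructed model: rules maps a resource to the users allowed on it."""
    default_allow: bool                      # True = open-door, False = closed-door
    rules: dict = field(default_factory=dict)

    def allowed(self, user: str, resource: str) -> bool:
        listed = self.rules.get(resource)
        if listed is None:                   # no rule exists: the default decides
            return self.default_allow
        return user in listed

def review(policy, requests):
    """Split requests into (allowed, denied) lists of (user, resource) pairs."""
    allowed, denied = [], []
    for user, resource in requests:
        (allowed if policy.allowed(user, resource) else denied).append((user, resource))
    return allowed, denied

# Constructed sample data: both policies share one rule table.
RULES = {"hr/employee-records": {"alice"}, "rd/recipe": {"carol"}}
OPEN_DOOR = Policy(default_allow=True, rules=dict(RULES))
CLOSED_DOOR = Policy(default_allow=False, rules=dict(RULES))

REQUESTS = [
    ("alice", "hr/employee-records"),   # legitimate, covered by a rule
    ("bob", "hr/employee-records"),     # refused under both approaches
    ("bob", "shared/handbook.pdf"),     # harmless, but no rule was ever written
    ("bob", "finance/payroll.xlsx"),    # sensitive, added later, not yet classified
]

if __name__ == "__main__":
    for name, policy in (("open-door", OPEN_DOOR), ("closed-door", CLOSED_DOOR)):
        allowed, denied = review(policy, REQUESTS)
        print(f"{name:12} allowed: {allowed}")
        print(f"{name:12} denied:  {denied}")
```

Under the open-door default the unclassified payroll file is readable until someone restricts it; under the closed-door default the harmless handbook is blocked until someone grants it, which is the source of the user complaints described above.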