Secure Mobile Access 12.4 Administration Guide

Follow the Principle of “Least Privilege”

The most secure approach to policy design is to specifically list the resources to which you want to permit access. Anything not accounted for in the “permit” rules is denied by the appliance. This approach follows one of the fundamental design principles of computer security: that access rights should be explicitly granted, rather than given to users by default.

An alternative approach is to create “deny” rules for restricted resources, but permit access to everything else by default. Here, anything not accounted for in the “deny” rules is accessible, until the final “deny” rule is processed. This method may be easier to set up, but it is more error-prone and thus not as secure, because any restricted resource you forget to list remains accessible.

Of course, you can also use a combination of permit and deny rules. In this case, users are permitted access to some resources, but denied access to others.
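
The difference between the two designs shows up when a resource appears that no rule anticipated. The following is an added example, not appliance code or configuration: a simplified model that assumes ordered rules with first-match evaluation, using constructed host names.

```python
from fnmatch import fnmatchcase

# Constructed inventory; all host names are hypothetical.
BEFORE = ["mail.corp.example", "wiki.corp.example",
          "hr-db.corp.example", "build.corp.example"]
# Later a new server is deployed and nobody updates the access policy.
AFTER = BEFORE + ["payroll.corp.example"]

# Design 1: list what is permitted; everything else falls through to deny.
ALLOW_LIST = [
    ("permit", "mail.corp.example"),
    ("permit", "wiki.corp.example"),
]

# Design 2: list what is restricted, then permit everything else.
DENY_LIST = [
    ("deny", "hr-db.corp.example"),
    ("permit", "*"),
]


def evaluate(rules, resource):
    """Return the action of the first matching rule (assumed first-match
    ordering); a resource that matches no rule is denied."""
    for action, pattern in rules:
        if fnmatchcase(resource, pattern):
            return action
    return "deny"


def exposure(rules, resources):
    """Resources a user can reach under the given rule set."""
    return sorted(r for r in resources if evaluate(rules, r) == "permit")


def newly_exposed(rules, before, after):
    """Resources that became reachable without any rule being changed."""
    return sorted(set(exposure(rules, after)) - set(exposure(rules, before)))


if __name__ == "__main__":
    for name, rules in (("allow-list", ALLOW_LIST), ("deny-list", DENY_LIST)):
        print(name, "reachable:", exposure(rules, AFTER))
        print(name, "exposed by inventory change:",
              newly_exposed(rules, BEFORE, AFTER))
```

Running the same comparison against an export of your own rule set and resource list is a quick way to audit which resources are reachable only because of a catch-all permit.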
