First, however, best-practice
security precautions and a controllable and auditable access mechanism should be
deployed before the wizard is run.
Deploying a Role-Based Access Control Model for ISA Server 2006
For many years, Microsoft has provided for ease of administrative delegation in its products,
for better or for worse. Unfortunately, however, this concept has been misused and
abused and generally misunderstood. Too often, access is simply granted ad hoc, and to
individual users, resulting in a mess of security permissions, orphaned SIDs, and potential
security risks.
What is needed is a best-practice strategy for securing access to resources, including ISA
Server itself. Ideally, this strategy should involve granting access only when a person's role
dictates that he should be allowed access to that resource. For example, if Susan is an
accountant, then it would stand to reason that she should not have access to Human
Resources file servers. What should happen is that the role of Accountant should be
defined, and the resources that the role needs to perform that job should also be defined.