The Network Access Control system is responsible for storing the organization's access policies and applying them to every request that is submitted. A unique password is needed to access any device on the network (including the workstation) and to alter network settings. All the passwords used to access a device can be viewed by the admin of the device, but not by other users.
Security Mechanism: An administrator of the network can temporarily disable any number of access operations on devices by marking them as “Restricted”. By executing the proper command, the restricted devices can be disabled and any others can be removed from the network.
Authentication/Authentication Engine
The Authentication/Authentication Engine (AAE) implements the different network authentication methods, including:
Token-based authentication
OATH-based authentication
AES-based authentication
The AAE is a plugin framework built in the cloud by the Easy Secure Module (ESM). While it is completely separate from Nautilus, it is used for user authentication.
Security Mechanism: AAE stores the user authentication information in the SecureID Store and provides it to Nautilus for cross-device use. The AAE configuration is stored in a file in the user home directory. By using one of the Nautilus desktop icons to sign in, the Authenticity is sent to Nautilus.
Password Manager
The Password Manager uses the password manager functionality provided by Nautilus, but allows storing passwords and files with a password manager client as well. It requires administrator privileges to retrieve a password. The password manager can only access files that are owned by the administrator.
Security Mechanism: This feature is part of the cloud plugin architecture and can be accessed only by administrators.
An external user account is required to use the password manager client feature.
Enforcing your Policies
The policies and policy components can be configured to enforce specific actions for which a user should be able to gain administrator privileges. There are several types of policies and policy configuration:
Content filtering
Logging
Access control
Device restriction
ACLs
Restricted network access
The user profiles, group memberships, and policies are all derived from a common schema that contains information such as the namespace, permissions, and roles. The common schema was created in the content filter module.
Multiple policies can be enabled on the same host, but each policy has access restrictions that are applied to other policies to further restrict which actions are allowed for the user or for which users. It is recommended that users only use a single policy for authentication and secure access control.
Access Control
Access control defines how a user should be allowed to perform certain actions such as viewing the desktop, posting messages, or starting applications. In order to create an access control policy, Nautilus must be configured to allow access to all applications. This common registry configuration can be used to define policies for applications that are available for installation.
Access control also defines the user account group or file system permission setting that should be allowed by a user. This can be a group or file system permission for a particular application that is required to run.
While only a single policy can be enabled on the same host, multiple policies have access restrictions applied to the same user. Only a single policy is defined on a user account by default. The policy will have an access restriction per application that is installed on the host.