Security dashboards can be daunting. A quick Google image search reveals JPEG after JPEG of tiny font, obscure graphs, and things that go pewpew—cool, but not immediately intuitive. At OpenDNS, our user experience team strives to make the Dashboard easy to use and simple to manage, a task that begins as soon as you create an account and begin making policies.
However, even the simplest tools come with pro tips, and the OpenDNS Dashboard is no exception. Below, we outline the two most important tips to keep in mind as you navigate the policy creation process, with help from Technical Support Engineer Alexander Harrison.
For best results, use only the ‘Policies’ tab
When you first log in to the Dashboard and visit the Configuration tab, you’ll notice a series of tabs on the left-hand side of the screen. These tabs detail different policy and option settings, which can help you manage your users, but Harrison suggests a different approach.
“When I’m setting up a policy in the Dashboard, I usually stay away from Policy Settings and Block Page Settings, at least to start out,” Harrison said. “I almost forget those options are there. I do everything from the Policy Editor itself (the Policies tab, as highlighted in the image above), because it keeps everything in one place.”
The Policy Editor, shown below, contains tabs for most of the same settings represented in sidebar shown above to the right:
“The Policy Settings tab is mainly useful if you have multiple policies,” Harrison said. He went on to say that the Policy Settings tab allows admins to quickly find specific domain lists, instead of finding the policy the domain list applies to, saving time and effort when adjusting the lists.
Block Page Settings provides an excellent example of the benefits of using the Policy Editor. If you create a new user from the sidebar Block Page Settings menu, an extra step must also be taken in the Policy Editor to enable this bypass user—whereas the same user created through the Policy Editor is applied to the policy immediately.
There is a comprehensive guide to creating policies using just the Policy Editor alone—you can read it here. Looking for a tl;dr? Harrison suggests that admins who need to get policies up and running quickly go directly to step 2, section b, which covers security settings.
Policy execution order matters
If you have already created your policies in the Dashboard, you may feel like you’ve got everything covered. However, there is one more tip that is imperative to keep in mind: your policy order. Below, you can see the Policy Editor view. On the left hand side, you can see an arrow pointing downward. This is actually a guideline for creating policies that stack appropriately, ensuring that the correct policies are applied to the correct groups, users, and networks.
According to the policy ordering tutorial, “Policies are applied based on a ‘first match’ methodology which follows a top to bottom execution order. Therefore, only the top-most policy that matches a user’s Identity will be applied, and all subsequent lower matches will be ignored.”
What does that mean exactly? Harrison explains: “You want to build your catch-all policies first, and then put more specific policies above them, because if you build it upside-down with the biggest policy up top, you’re never going to use the more specific settings.” He continued, “AD users and such represent those more specific policies, followed by groups of AD users, and your network is the catch-all. But if you have the network policy up top in the policy order, it will cover everything, and your more specific policies won’t be applied.
“Several people might say, ‘Oh, I can add my users to a few policies and it will stack.’ While in reality, it’s just ‘the first coin to hit the sorter applies,’ so to speak.”
Once you’ve worked out the order your policies should be stacked, adjusting them is simple, just click and drag:
Attention to detail goes a long way
In addition to these two takeaways, one idea Harrison wanted to emphasize was attention to details in the Dashboard, such as hitting “Save” or “Allow” when creating settings.
“The policy creation system and policy execution order are probably the two most important things to keep in mind when you’re working in this pane,” Harrison said. “However, there are a lot of problems that can be mitigated by ensuring that you cross your T’s and dot your I’s.”