• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Cisco Umbrella

Enterprise network security

  • Contact Sales
  • Login
    • Umbrella Login
    • Cloudlock Login
  • Why Us
    • Why Cisco Umbrella
      • Why Try Umbrella
      • Why DNS Security
      • Why Umbrella SASE
      • Our Customers
      • Customer Stories
      • Why Cisco Secure
    • Fast Reliable Cloud
      • Global Cloud Architecture
      • Cloud Network Status
      • Global Cloud Network Activity
    • Unmatched Intelligence
      • A New Approach to Cybersecurity
      • Interactive Intelligence
      • Cyber Attack Prevention
      • Umbrella and Cisco Talos Threat Intelligence
    • Extensive Integrations
      • IT Security Integrations
      • Hardware Integrations
      • Meraki Integration
      • Cisco Umbrella and SecureX
  • Products
    • Cisco Umbrella Products
      • Cisco Umbrella Cloud Security Service
      • Recursive DNS Services
      • Cisco Umbrella SIG
      • Umbrella Investigate
      • What’s New
    • Product Packages
      • Cisco Umbrella Package Comparison
      • – DNS Security Essentials Package
      • – DNS Security Advantage Package
      • – SIG Essentials Package
      • – SIG Advantage Package
      • Umbrella Support Packages
    • Functionality
      • DNS-Layer Security
      • Secure Web Gateway
      • Cloud Access Security Broker (CASB)
      • Cloud Data Loss Prevention (DLP)
      • Cloud-Delivered Firewall
      • Cloud Malware Protection
      • Remote Browser Isolation (RBI)
    • Man on a laptop with headphones on. He is attending a Cisco Umbrella Live Demo
  • Solutions
    • SASE & SSE Solutions
      • Cisco Umbrella SASE
      • Secure Access Service Edge (SASE)
      • What is SASE
      • What is Security Service Edge (SSE)
    • Functionality Solutions
      • Web Content Filtering
      • Secure Direct Internet Access
      • Shadow IT Discovery & App Blocking
      • Fast Incident Response
      • Unified Threat Management
      • Protect Mobile Users
      • Securing Remote and Roaming Users
    • Network Solutions
      • Guest Wi-Fi Security
      • SD-WAN Security
      • Off-Network Endpoint Security
    • Industry Solutions
      • Government and Public Sector Cybersecurity
      • Financial Services Security
      • Cybersecurity for Manufacturing
      • Higher Education Security
      • K-12 Schools Security
      • Healthcare, Retail and Hospitality Security
      • Enterprise Cloud Security
      • Small Business Cybersecurity
  • Resources
    • Content Library
      • Top Resources
      • Cybersecurity Webinars
      • Events
      • Research Reports
      • Case Studies
      • Videos
      • Datasheets
      • eBooks
      • Solution Briefs
    • International Documents
      • Deutsch/German
      • Español/Spanish
      • Français/French
      • Italiano/Italian
      • 日本語/Japanese
    • For Customers
      • Support
      • Customer Success Webinars
      • Cisco Umbrella Studio
    • Get the 2022 Cloud Scurity Comparison Guide
  • Trends & Threats
    • Market Trends
      • Hybrid Workforce
      • Rise of Remote Workers
      • Secure Internet Gateway (SIG)
    • Security Threats
      • How to Stop Phishing Attacks
      • Malware Detection and Protection
      • Ransomware is on the Rise
      • Cryptomining Malware Protection
      • Cybersecurity Threat Landscape
      • Global Cyber Threat Intelligence
      • Cyber Threat Categories and Definitions
    •  
    • Woman connecting confidently to any device anywhere
  • Partners
    • Channel Partners
      • Partner Program
      • Become a Partner
    • Service Providers
      • Secure Connectivity
      • Managed Security for MSSPs
      • Managed IT for MSPs
    •  
    • Person looking down at laptop. They are connecting and working securely
  • Blog
    • News & Product Posts
      • Latest Posts
      • Products & Services
      • Customer Focus
      • Feature Spotlight
    • Cybersecurity Posts
      • Security
      • Threats
      • Cybersecurity Threat Spotlight
      • Research
    •  
    • Register for a webinar - with illustration of connecting securely to the cloud
  • Contact Us
  • Umbrella Login
  • Cloudlock Login
  • Free Trial
Security

Best Practices for Effective Policies

By Kara Drapala
Posted on July 7, 2015
Updated on April 15, 2020

Share

FacebookTweetLinkedIn

Security dashboards can be daunting. A quick Google image search reveals JPEG after JPEG of tiny font, obscure graphs, and things that go pewpew—cool, but not immediately intuitive. At OpenDNS, our user experience team strives to make the Dashboard easy to use and simple to manage, a task that begins as soon as you create an account and begin making policies.

However, even the simplest tools come with pro tips, and the OpenDNS Dashboard is no exception. Below, we outline the two most important tips to keep in mind as you navigate the policy creation process, with help from Technical Support Engineer Alexander Harrison.

For best results, use only the ‘Policies’ tab

Screen Shot 2015-07-07 at 11.03.12 AM
Screen Shot 2015-07-07 at 11.05.06 AM

When you first log in to the Dashboard and visit the Configuration tab, you’ll notice a series of tabs on the left-hand side of the screen. These tabs detail different policy and option settings, which can help you manage your users, but Harrison suggests a different approach.

“When I’m setting up a policy in the Dashboard, I usually stay away from Policy Settings and Block Page Settings, at least to start out,” Harrison said. “I almost forget those options are there. I do everything from the Policy Editor itself (the Policies tab, as highlighted in the image above), because it keeps everything in one place.”

The Policy Editor, shown below, contains tabs for most of the same settings represented in sidebar shown above to the right:

“The Policy Settings tab is mainly useful if you have multiple policies,” Harrison said. He went on to say that the Policy Settings tab allows admins to quickly find specific domain lists, instead of finding the policy the domain list applies to, saving time and effort when adjusting the lists.

Block Page Settings provides an excellent example of the benefits of using the Policy Editor. If you create a new user from the sidebar Block Page Settings menu, an extra step must also be taken in the Policy Editor to enable this bypass user—whereas the same user created through the Policy Editor is applied to the policy immediately.

There is a comprehensive guide to creating policies using just the Policy Editor. Looking for a tl;dr? Harrison suggests that admins who need to get policies up and running quickly go directly to step 2, section b, which covers security settings.

Policy execution order matters

Policy
policy gif

If you have already created your policies in the Dashboard, you may feel like you’ve got everything covered. However, there is one more tip that is imperative to keep in mind: your policy order. Below, you can see the Policy Editor view. On the left hand side, you can see an arrow pointing downward. This is actually a guideline for creating policies that stack appropriately, ensuring that the correct policies are applied to the correct groups, users, and networks.

According to the policy ordering tutorial, “Policies are applied based on a ‘first match’ methodology which follows a top to bottom execution order. Therefore, only the top-most policy that matches a user’s Identity will be applied, and all subsequent lower matches will be ignored.”

What does that mean exactly? Harrison explains: “You want to build your catch-all policies first, and then put more specific policies above them, because if you build it upside-down with the biggest policy up top, you’re never going to use the more specific settings.” He continued, “AD users and such represent those more specific policies, followed by groups of AD users, and your network is the catch-all. But if you have the network policy up top in the policy order, it will cover everything, and your more specific policies won’t be applied.

“Several people might say, ‘Oh, I can add my users to a few policies and it will stack.’ While in reality, it’s just ‘the first coin to hit the sorter applies,’ so to speak.”

Once you’ve worked out the order your policies should be stacked, adjusting them is simple, just click and drag:

Attention to detail goes a long way

In addition to these two takeaways, one idea Harrison wanted to emphasize was attention to details in the Dashboard, such as hitting “Save” or “Allow” when creating settings.

“The policy creation system and policy execution order are probably the two most important things to keep in mind when you’re working in this pane,” Harrison said. “However, there are a lot of problems that can be mitigated by ensuring that you cross your T’s and dot your I’s.”

If you have any further questions about navigating the OpenDNS Dashboard, our Knowledge Base can provide a thorough walkthrough of setup. Or, you can reach our world-class support team here.

Previous Post:

Previous Article

Next Post:

Next Article

Follow Us

  • Twitter
  • Facebook
  • LinkedIn
  • YouTube

Footer Sections

What we make

  • Cloud Security Service
  • DNS-Layer Network Security
  • Secure Web Gateway
  • Security Packages

Who we are

  • Global Cloud Architecture
  • Cloud Network Status
  • Cloud Network Activity
  • OpenDNS is now Umbrella
  • Cisco Umbrella Blog

Learn more

  • Webinars
  • Careers
  • Support
  • Cisco Umbrella Live Demo
  • Contact Sales
Umbrella by Cisco
208.67.222.222+208.67.220.220
2620:119:35::35+2620:119:53::53
Sign up for a Free Trial
  • Cisco Online Privacy Statement
  • Terms of Service
  • Sitemap

© 2023 Cisco Umbrella