2-10 CHAPTER 2: WORKING WITH SECURITY

Dominant Permission

When a user belongs to more than one group with different permissions, or is individually defined for specific objects, which permission is used?

Rule 1. Individual’s permissions overrule the permissions for a group. An individual permission overrides a group permission, even if the group permission changes after the individual member was modified.

Rule 2. Explicit permission overrules inherited permission. So, what happens when a user belongs to more than one group, and the permissions of one group grant something while the other denies it?

Here is a fictitious example: Bill Gallagan belongs to the JrSales group and the Developers group. Here are the inherited permissions for All Attachments for both groups:

Figure 2-12 ‘All Attachments’ Permissions by User Group

Delete Attachments is permitted in the Developers group and not permitted in the JrSales group.

Here is what the permissions look like for Mr. Gallagan:

Figure 2-13 ‘All Attachments’ Permissions by User

The negative permission is an overriding factor in this case. There are two ways to adjust this:

Page 32
Image 32
3Com 10031370-01 setup guide 12 ‘All Attachments’ Permissions by User Group

10031370-01 specifications

The 3Com 10031370-01 is a prominent model in the realm of networking, specifically geared towards facilitating seamless enterprise connectivity. As a managed switch, it is designed to support a wide range of network requirements, making it particularly valuable for businesses aiming to enhance their infrastructure reliability and performance.

One of the primary features of the 3Com 10031370-01 is its support for advanced Layer 2 switching technologies. This enables the switch to intelligently forward data packets based on MAC addresses, ensuring that network traffic is efficiently managed. The device also supports VLANs (Virtual Local Area Networks), allowing organizations to segment network traffic and improve security and performance by reducing broadcast domains.

The switch is implemented with Power over Ethernet (PoE) capabilities, which is a significant advancement for installing VoIP phones, surveillance cameras, and wireless access points. This feature reduces the need for additional power sources, streamlining installation and future upgrades.

With a hardware design focusing on durability and a compact footprint, the 3Com 10031370-01 can easily fit into various networking environments, including small to medium enterprises. The device operates using a fanless design, which not only minimizes noise but also enhances reliability by reducing moving parts, thus extending the lifespan of the equipment.

In terms of security, the switch comes equipped with 802.1X authentication, ensuring that only authorized devices can access the network. This is complemented by capabilities such as storm control, which helps prevent network congestion, and port security features that can restrict access based on MAC addresses.

The 3Com 10031370-01 leverages advanced management features that can be accessed through a web-based GUI (Graphical User Interface), making it easier for administrators to configure and monitor network performance. SNMP (Simple Network Management Protocol) support is also available, which allows for comprehensive network management via third-party tools.

Overall, the 3Com 10031370-01 is a robust networking solution that combines advanced features and technologies tailored for effective network management. Its powerful capabilities in data traffic management, enhanced security, and ease of administration make it an appealing choice for organizations striving for seamless and efficient network operations. As part of the enduring legacy of 3Com in networking, this switch emphasizes reliability and high performance tailored for the modern business landscape.