Create policy for zero-trust access

Welcome to the BlastShield™ Quick Start Guide. In this series of articles you will learn how to set up your BlastShield™ protected network. To get your BlastShield™ network up and running, complete the following workflows.

  1. Sign-up and register for a BlastShield account
  2. Authenticate and connect to BlastShield™
  3. Launch your Orchestrator and add BlastShield™ Agents to protect your servers
  4. Create policy for zero-trust access (this article)
  5. Add new users to your protected network

Summary

To allow your users to connect to the protected servers, you must set up a policy that grants them access. BlastShield™ is a zero-trust solution, so the default behaviour is to block access until you apply a Policy.

Policies are a simple way to grant users access to a protected server by linking a group of users to a group of BlastShield™ Agents.

Policies work using a simple ‘From’ and ‘To’ methodology which links a group of users to a group of agents. You must install one BlastShield™ Agent on each server that you want to provide secure access to.

The process of creating a Policy is summarised here:

  1. Create a group for your users and a group for your servers and endpoints.
  2. Create a policy to link your user group to your server group.

With BlastShield™ STARTER you can have up to three policies in a protected network, at no cost. To use more than three policies, an upgrade is available. Contact us for details on upgrading.

1. Create a group for your users and a group for your servers and endpoints.

To learn how to create groups, watch the following video or read the steps below.


  1. Select "Groups" from the left menu.
  2. Select "Add New Group" from the Group List.
  3. Enter a name for the new Group.
  4. To add members to the new group, click the "Add Members" button. The "Add Group Members" menu will open.
  5. If you are creating a group of users, select the users you want to associate with the new Group from the "Users" box.
  6. Or, if you are creating a group of BlastShield™ Agents, select the agents you want to associate with the new Group from the "Agents" box.
  7. Alternatively, you can leave the members list empty and add/modify new members later.
  8. Click "Add Members" to save the members.
  9. Click "Save" to save the new group.
  10. Repeat for the other user and server groups which you require.

2. Create a policy to link your user group to your server group.

To learn how to add policies, watch the following video or read the steps below.

To connect your users and protected servers, you link them with a policy as described here:

  1. Select "Policies" from the left menu.
  2. Select "Add New Policy" from the Policy List.
  3. Enter a name for the new Policy.
  4. Select desired "From" Groups to be associated with the new Policy.
  5. Select desired "To" Groups to be associated with the new Policy.
  6. Save the new Policy.
  7. Repeat the above steps if you require multiple policies. With BlastShield™ STARTER you can have up to three policies in a protected network, at no cost. To use more than three policies, an upgrade is available. Contact us for details on upgrading.

Note

Policies are directional, so that you can control the direction in which connections may be initiated. Typically for remote access use-cases your policy would be from the "user group" to the "server group" so that users may start connections to the servers, but servers cannot start connections to users. You can create bi-directional permissions by using two policies. Here are some other useful points:

  • Groups can be added to more than one Policy
  • Policies can have multiple groups in the 'From' field
  • Policies can have multiple groups in the 'To' field
  • Endpoints and servers may be added to multiple Groups.
  • Agents and Endpoints may be added to multiple Groups.
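
The following sketch is an added example: a conceptual model of the directional, default-deny behaviour described in this note. It is not BlastShield™ code or its API, and every group, member and policy name in it is constructed. It lists which members may initiate connections to which, and flags pairs that end up reachable in both directions because a member belongs to more than one group.

```python
# Conceptual model only: not BlastShield's API or policy engine.
# All group, member and policy names below are constructed sample data.
from itertools import product

GROUPS = {
    "remote-users": {"alice", "bob"},
    "ot-servers": {"plc-gw", "historian"},
    "admins": {"alice"},
    "jump-hosts": {"historian"},  # historian is a member of two groups
}

# Each policy is directional: members of "from" may initiate to members of "to".
POLICIES = [
    {"name": "remote-access", "from": ["remote-users"], "to": ["ot-servers"]},
    {"name": "jump-to-admin", "from": ["jump-hosts"], "to": ["admins"]},
]


def members(group_names, groups):
    """Union of the members of every listed group."""
    out = set()
    for name in group_names:
        out |= groups[name]
    return out


def allowed_pairs(policies, groups):
    """Map each permitted (initiator, target) pair to the policies granting it."""
    grants = {}
    for p in policies:
        srcs = members(p["from"], groups)
        dsts = members(p["to"], groups)
        for src, dst in product(srcs, dsts):
            if src != dst:  # modelling assumption: ignore self-connections
                grants.setdefault((src, dst), []).append(p["name"])
    return grants


def may_initiate(src, dst, policies=POLICIES, groups=GROUPS):
    """Default deny: allowed only if some policy grants this direction."""
    return (src, dst) in allowed_pairs(policies, groups)


def bidirectional_pairs(policies=POLICIES, groups=GROUPS):
    """Pairs that can initiate in both directions, worth reviewing."""
    grants = allowed_pairs(policies, groups)
    return sorted((a, b) for (a, b) in grants if a < b and (b, a) in grants)
```

In this sample data, the second policy looks unrelated to remote access, yet it lets `historian` initiate connections back to `alice`, so that pair is open in both directions.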

Next Step:

Click here to go on to the next step of adding new users to your network.

For further information:

See the following articles for further information on groups and policies.