Security policy

* Security policy
o In applications
   - DBMS, multicast, ...
o In operating systems
o User level in distributed applications or resources
o In the network

* Network security policy in IPsec
o The IPsec policy database filter entries consist of selectors and policies
o A selector is the tuple: source IP address, destination IP address, protocol, source port, destination port
o The policy is the rule: allow / deny / encrypt, like the rules of an access list applied to datagrams
o The policy indicates which tunnels IKE should set up
o In IPsec, the policy is the set of rules for one endpoint

* Too often: a single rule for one device = "a policy"
o If <condition> then <action>
o Source @IP, dest @IP, protocol, service, then allow/deny
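As an added illustration of the two preceding points (the IPsec policy database as ordered selector/action entries for one endpoint, and why one "if condition then action" rule is not a policy), here is a small first-match lookup over a toy policy database. It is example code written for this page, not HSC's or any IPsec implementation's; the rule layout, the gateway at 192.0.2.1, the peer site 198.51.100.0/24 and every sample datagram are constructed from documentation address ranges.

```python
"""Toy IPsec-style security policy database (SPD) lookup.

Each rule carries the five selector fields named on the slide (source IP,
destination IP, protocol, source port, destination port) plus an action
(allow / deny / encrypt). Lookup is first-match over an ordered list with an
explicit default, so a datagram matched by no rule is still decided.
The rule shape, the sample SPD and the sample datagrams are constructed for
this example; they are not taken from any real configuration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = "any"


@dataclass(frozen=True)
class Rule:
    src: str              # CIDR prefix, single address, or ANY
    dst: str
    proto: str            # "tcp", "udp" or ANY
    sport: Optional[int]  # None means any port
    dport: Optional[int]
    action: str           # "allow", "deny" or "encrypt"


def _addr_matches(spec: str, addr: str) -> bool:
    return spec == ANY or ip_address(addr) in ip_network(spec)


def _port_matches(spec: Optional[int], port: Optional[int]) -> bool:
    return spec is None or spec == port


def rule_matches(rule: Rule, pkt: dict) -> bool:
    """True when every selector of the rule covers the datagram."""
    return (_addr_matches(rule.src, pkt["src"])
            and _addr_matches(rule.dst, pkt["dst"])
            and (rule.proto == ANY or rule.proto == pkt["proto"])
            and _port_matches(rule.sport, pkt.get("sport"))
            and _port_matches(rule.dport, pkt.get("dport")))


def lookup(spd, pkt, default="deny"):
    """Return (action, index of the matching rule); index is None when the
    default applied, i.e. the rule set said nothing about this datagram."""
    for i, rule in enumerate(spd):
        if rule_matches(rule, pkt):
            return rule.action, i
    return default, None


# Constructed rule set for ONE endpoint: a gateway 192.0.2.1 in front of
# 192.0.2.0/24, with a peer site at 198.51.100.0/24. Order matters: the
# IKE bypass must come before the "encrypt" entry, otherwise the gateway's
# own IKE datagrams to the peer would be selected for a tunnel that IKE
# has not negotiated yet.
IKE_BYPASS = Rule(ANY, ANY, "udp", 500, 500, "allow")
SITE_TO_SITE = Rule("192.0.2.0/24", "198.51.100.0/24", ANY, None, None, "encrypt")
ADMIN_SSH = Rule(ANY, "192.0.2.1", "tcp", None, 22, "allow")

GATEWAY_SPD = [IKE_BYPASS, SITE_TO_SITE, ADMIN_SSH]

# Constructed sample datagrams as seen by the gateway.
SAMPLES = {
    "site-to-site http": {"src": "192.0.2.10", "dst": "198.51.100.5",
                          "proto": "tcp", "sport": 40000, "dport": 80},
    "ike from peer":     {"src": "198.51.100.1", "dst": "192.0.2.1",
                          "proto": "udp", "sport": 500, "dport": 500},
    "ssh to gateway":    {"src": "203.0.113.7", "dst": "192.0.2.1",
                          "proto": "tcp", "sport": 51000, "dport": 22},
    "http to gateway":   {"src": "203.0.113.7", "dst": "192.0.2.1",
                          "proto": "tcp", "sport": 51001, "dport": 80},
}


def evaluate(spd, samples):
    """Map each sample name to the action the policy database yields."""
    return {name: lookup(spd, pkt)[0] for name, pkt in samples.items()}


def ordering_matters():
    """Same three rules, two orders: the gateway's own IKE datagram to the
    peer is bypassed in the correct order but would be sent to 'encrypt'
    if the site-to-site rule came first."""
    ike_out = {"src": "192.0.2.1", "dst": "198.51.100.1",
               "proto": "udp", "sport": 500, "dport": 500}
    wrong_order = [SITE_TO_SITE, IKE_BYPASS, ADMIN_SSH]
    return lookup(GATEWAY_SPD, ike_out)[0], lookup(wrong_order, ike_out)[0]


if __name__ == "__main__":
    for name, action in evaluate(GATEWAY_SPD, SAMPLES).items():
        print(f"{name:20s} -> {action}")
    print("IKE out, good/bad order ->", ordering_matters())
```

The last sample ("http to gateway") is the point of the slide's warning: none of the three rules says anything about it, so the outcome is entirely the default. A policy for the endpoint is the whole ordered list together with that default, not any single "if condition then action" line.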

HSC ® © Hervé Schauer Consultants December 1999 - 142, rue de Rivoli - F-75001 Paris - France
Phone: +33 141 409 700 - Fax: +33 141 409 709 - Email: <secretariat@hsc.fr>
- Page 50 -