Abstraction level of Policy-based network security management (2/4)


* Policy-based management does not imply

o Single-device view
o Huge tables with hundreds of lines of rules
o Hierarchical or tree view
   - does not fit the reality of business exchanges
   - helps only implementers using LDAP directories instead of databases
   - decentralized policy definition may imply an organizational view

o Physical network topology view
   - except if physical network topology reflects business needs
   - logical network topology (VLANs, etc.) is usually better

*********************************************************************
HSC ® © Hervé Schauer Consultants December 1999 - 142, rue de Rivoli - F-75001 Paris - France
Phone: +33 141 409 700 - Fax: +33 141 409 709 - Email: <secretariat@hsc.fr>
- Page 57 -