[Agenda] [Examples] [Network Partitioning] [Concepts] [Policy] [Process] [Organization] [HW-SW] [Cases studies] [Conclusion] [Resources]
[first slide] (2) Determine service flows between domains and draw them (3/3) [previous slide] [next slide]


* All what is not expressively allowed is denied
o Service flows represent what is allowed
o Explicit denying service flow can be useful
o Inverse way may be useful in very specific cases (all that is not expressively denied is allowed)

* Realistic
o Usual intranet is 20 different services over the network -> 20 diagrams
o Biggest current case is 54 different services (one of world's largest bank)
- 45 services crossing the same SPEP (filtering device)


*********************************************************************
HSC ® © Hervé Schauer Consultants December 1999 - 142, rue de Rivoli - F-75001 Paris - France
Phone: +33 141 409 700 - Fax: +33 141 409 709 - Email: <secretariat@hsc.fr>
- Page 67 -