Distributed Network Security

[Agenda] [Examples] [Network Partitioning] [Concepts] [Policy] [Process] [Organization] [HW-SW] [Cases studies] [Conclusion] [Resources]

Apply the service flows on filtering devices

The NOC (Network Operation Center) distributes the filtering configuration: SPEPs have operational purpose first; SPEPs are network devices, not security devices; NOC may be a local NOC, where the Security Office is still centralized; Good cooperation is mandatory
NOC should primarly use existing and usual tools: HP-OV, CW2K, Spectrum, Tivoli, ...; Distribution, version-control, logging, archiving, etc; Current distributing mechanisms available in existing products are usually useful for small networks, useless for large networks
NOC is responsible for coherence: Security policy with routing; Scheduling of filtering configuration upload; Access to the SPEPs themselves

® © Hervé Schauer Consultants December 1999 - 142, rue de Rivoli - F-75001 Paris - France
Phone: +33 141 409 700 - Fax: +33 141 409 709 - Email: <secretariat@hsc.fr>

- Page 69 -