[Agenda] [Examples] [Network Partitioning] [Policy] [Concepts] [Process] [Organization] [HW-SW] [Cases studies] [Conclusion] [Resources]
[first slide] Security policy [previous slide] [next slide]


* Security policy
o Within applications . DBMS, multicast, ...
o Within operating systems
o User level in distributed applications or components
o ...

* Network security policy in IPsec,
o Refers to the policy database
o Set of rules: allow / deny / encrypt, like access lists that apply to datagrams
o What tunnels IKE should set-up
o Policy rules for one endpoint

* Too often: a single rule for one device = "a policy"
o If <condition> then <action>
o Source @IP, dest @IP, protocol, service, then allow/deny


*********************************************************************
HSC ® © Hervé Schauer Consultants August 1999 - 142, rue de Rivoli - F-75001 Paris - France
Phone: +33 141 409 700 - Fax: +33 141 409 709 - Email: <secretariat@hsc.fr>
- Page 25 -