Developing a network security policy
By Adesh Rampat
In the old days of the mainframe, information was centralized so security was not as big an issue. Nowadays, with the advent of information being distributed across many servers located in different areas, security is a major concern. Protecting the information is a high priority. A network with a good accounting and auditing system will ensure that all activities are logged, thereby enabling malicious activity to be detected. In developing a network security policy, the CIO or network administrator need to know what assets are worth protecting and what actions or inactions threaten the assets. The following are points to consider when developing a network security policy:
Physical security involves protecting ALL network-related hardware and infrastructure. Physical security is the foundation of a sound network security policy. If proper network security is not implemented then the network security policy will not work.
Data security will apply to protecting the information stored on network servers and the process by which information is accessed through the network. Only the right people should have access to the right information.
Remote Access Security
Remote access security specifies that users who are granted this privilege comply with the guidelines set forth by the network administrator.
Every user that logs on to the network must be authenticated. This is done by both the user id and password. When a workstation connects to the Internet, the firewall must be able to provide authentication. If set up properly, the firewall will grant and deny access based on rules.
Data encryption is also an important part of the network policy. Encrypting information being sent across the network can reduce the probability of that information being intercepted.
About the author
Adesh Rampat is a member of the Association of Internet Professionals, the Institute for Network Professionals and the International Webmasters Association. He has also lectured extensively on a variety of topics.
Did you like this tip? If so, (or if not) why not let us know. Send an e-mail to us and sound off. Or visit our tips page to rate this tip, or submit one of your own.
Security Engineering: A Guide to Building Dependable Distributed Systems
Author : Ross Anderson
Publisher : John Wiley & Sons
ISBN/CODE : 0471389226
Cover Type : Soft Cover
Pages : 640
Published : Mar 2001
The first quick reference guide to the do's and don'ts of creating high quality security systems.