Policy-based management: bridging the gap
- 20 January 2003
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
In a policy-based system, policy goals are described with respect to network entities (e.g., networks and users) instead of enforcement points (e.g., firewalls and routers). This global view has several advantages: usability, global rules are closer to the goals of the human administrator; scalability, the policy system ensures that the enforcement points are configured appropriately, whether there are 1 or 100 enforcement points; and security, the policy system ensures that the policy is enforced consistently. This paper describes techniques for accurately translating from global policy rules to actual per-device configurations, and it describes how these techniques were used in the implementation of Cisco Secure Policy Manager.