Specifications

1 Introduction
Security Policy
The security policy provides the basis for working with all programs, hosts,
and data. In addition, it specifies how compliance with the security
guidelines is monitored and how internal or external breaches of the policy are
handled. To draft a security policy, it is best to start with a communication
analysis. To this end, the following questions are of utmost importance:
- An analysis of your security requirements is necessary: what needs to be
  protected?
- Are there areas of the intranet that contain especially sensitive data (such
  as the personnel department or data critical to the company)? Where is this
  data located?
- Who may access the data? Are there different levels of authorization?
- Should the data be available over the network at all?
- Which services should be accessible internally? Which services should be
  accessible from internal to external (e-mail, web surfing, data transfer) and
  which from external to internal (e-mail, web services, data transfer)?

The list of questions a security policy must answer has to be drawn up and
answered individually for each organization.
Communication Analysis
The most important aid for carrying out a communication analysis is a
communication matrix. The services available to client hosts and users are
represented here in table format. This matrix is then mapped to the proxies and
IP filter rules.
Setting up a Communication Matrix
Make a list of all clients and servers on your network. Then define which
protocols may be used by which clients. Also state, for each service, in which
direction connections may be established (who may send and who may receive).
An example for the HTTP protocol: the client host1 needs to access a web server
in the internal network, but should not be able to establish a connection to an
external web server. The entry in the communication matrix then appears as
depicted in the example shown below.
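The following is an added example, not a table or code from the SuSE manual: it models the host1 HTTP entry described above as rows of a communication matrix and shows how such rows map onto IP filter rules, using iptables FORWARD rules as the assumed filter tool. The host names other than host1, the addresses and the network range are constructed for illustration.

```python
"""Communication matrix rows for host1's HTTP access, mapped to IP filter rules.

Added example. The manual presents the matrix as a table; this models the same
information as data so the mapping to filter rules is explicit. Addresses and
the internal network range below are constructed, not taken from the manual.
"""
from dataclasses import dataclass

# Constructed addressing (assumption): the intranet and two hosts on it.
INTERNAL_NET = "10.0.0.0/24"
HOSTS = {"host1": "10.0.0.11", "webserver": "10.0.0.80"}


@dataclass(frozen=True)
class MatrixEntry:
    client: str   # source host named in the matrix row
    server: str   # destination: a host name, or "internal" / "external"
    proto: str    # "tcp" or "udp"
    port: int     # destination port of the service
    action: str   # "ACCEPT" or "DROP"


# One row per (client, service, destination) decision. Order matters: the
# first matching rule in the filter chain wins.
MATRIX = [
    # host1 may reach the internal web server ...
    MatrixEntry("host1", "webserver", "tcp", 80, "ACCEPT"),
    # ... but must not open HTTP connections to anything outside the intranet.
    MatrixEntry("host1", "external", "tcp", 80, "DROP"),
]


def destination(server):
    """Return (negated, address) for a destination column of the matrix."""
    if server == "internal":
        return False, INTERNAL_NET
    if server == "external":
        return True, INTERNAL_NET      # "not on the intranet"
    return False, HOSTS[server]


def to_iptables(matrix):
    """Translate matrix rows into iptables FORWARD rules (assumed filter tool).

    The chain is default-deny; the matrix only lists the permitted exceptions
    and any explicit denials worth documenting in the rule set.
    """
    rules = ["iptables -P FORWARD DROP"]
    for e in matrix:
        negated, addr = destination(e.server)
        dst_flag = ("! -d " if negated else "-d ") + addr
        rules.append(
            f"iptables -A FORWARD -s {HOSTS[e.client]} {dst_flag} "
            f"-p {e.proto} --dport {e.port} -j {e.action}"
        )
    # Replies belonging to connections the matrix allowed must be let back
    # through; connection tracking handles that without a matrix row.
    rules.append(
        "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    )
    return rules


if __name__ == "__main__":
    for rule in to_iptables(MATRIX):
        print(rule)
```

Each matrix row becomes exactly one filter rule, so an auditor can check the rule set against the table line by line; the default DROP policy is what enforces "everything not in the matrix is forbidden", and the explicit DROP row for external HTTP documents the decision rather than leaving it implicit.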
SuSE Linux – Firewall on CD 2