Network Security Starts with Workable Policy


April 1995 / State Of The Art / Build A Firewall / Network Security Starts with Workable Policy

If you don't know where you're heading, it doesn't matter which direction you go. Similarly, no security measures will be effective unless you know what you want to protect. All computer security rests on the bedrock of a carefully drawn security policy that delineates what data and systems to protect, what levels of protection are appropriate, and what hardware and software you'll need to do it.

Policy sounds as if it's a high-level concept that doesn't have much to do with day-to-day operations and the nitty-gritty of firewall implementation details. But this is wrong and, what's worse, wrongheaded: any firewall system, no matter how it is built, can only implement specific decisions that have already been made by the organization--as matters of policy.

BBN Internet Services (Cambridge, MA) identifies the "four P's" of Internet security:

-- Paranoid--No Internet connection. Everything is forbidden, even perhaps what should be allowed.
-- Prudent--Everything is forbidden except what is explicitly allowed.
-- Permissive--The logical opposite of prudent. Everything is allowed except what is explicitly forbidden.
-- Promiscuous--Everything is allowed, including those things that ought to be forbidden.
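The prudent and permissive stances differ only in what happens to traffic that no explicit rule mentions. The following small packet-filter evaluator is an added illustration, not code from the article or from BBN; the rule format, the `decide` function, the documentation-range addresses (RFC 5737) and the sample traffic are all constructed here. It applies the same explicit rule list under both stances and reports which flows only a prudent (default-deny) stance would stop.

```python
"""Hypothetical packet-filter policy evaluator (constructed example).

The same explicit rules are applied under a "prudent" stance (default
deny) and a "permissive" stance (default allow).  The stance only
matters for traffic no rule covers, which is exactly the traffic a
permissive policy must keep enumerating by hand.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ALLOW, DENY = "allow", "deny"


@dataclass(frozen=True)
class Packet:
    src: str    # source address
    dst: str    # destination address
    dport: int  # destination port


@dataclass(frozen=True)
class Rule:
    src: str     # CIDR; "0.0.0.0/0" means any source
    dst: str     # CIDR
    dport: int   # 0 means any destination port
    action: str  # ALLOW or DENY

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.dport in (0, pkt.dport))


def decide(rules, pkt, default):
    """First matching rule wins; if nothing matches, the stance's default applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Hypothetical explicit rules shared by both stances (RFC 5737 documentation addresses).
RULES = [
    Rule("0.0.0.0/0", "192.0.2.10/32", 25, ALLOW),  # inbound SMTP to the mail host
    Rule("0.0.0.0/0", "192.0.2.0/24", 23, DENY),    # telnet explicitly forbidden everywhere
]

# Constructed sample traffic, keyed by a short description.
TRAFFIC = {
    "smtp_to_mailhost": Packet("198.51.100.7", "192.0.2.10", 25),
    "telnet_to_host": Packet("198.51.100.7", "192.0.2.20", 23),
    "unlisted_port": Packet("198.51.100.7", "192.0.2.20", 6000),  # no rule mentions it
}


def compare_stances(rules=RULES, traffic=TRAFFIC):
    """Decision for every flow under the prudent and the permissive stance."""
    return {
        name: {"prudent": decide(rules, pkt, DENY),
               "permissive": decide(rules, pkt, ALLOW)}
        for name, pkt in traffic.items()
    }


def unlisted_exposure(rules=RULES, traffic=TRAFFIC):
    """Flows that only the prudent stance blocks: the gap a permissive
    policy leaves open until someone writes an explicit deny rule."""
    results = compare_stances(rules, traffic)
    return sorted(name for name, r in results.items()
                  if r["prudent"] == DENY and r["permissive"] == ALLOW)


if __name__ == "__main__":
    for name, r in compare_stances().items():
        print(f"{name:18} prudent={r['prudent']:5} permissive={r['permissive']}")
    print("only prudent blocks:", unlisted_exposure())
```

The explicit rules decide SMTP and telnet identically under both stances; the port no rule mentions is where they diverge, which is why the "prudent" stance needs far less ongoing maintenance than the "permissive" one.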

If your organization is like most, you'll find a comfortable spot somewhere in the prudent-to-permissive range and design your security accordingly. You need to determine what will and will not be permitted. Until your organization makes this fundamental decision, it has no workable basis for determining its security needs. The determination process, though, is far from simple and may well vary from department to department within a large organization. The fact is, security is one of those concerns that never really goes away. And in an age of connectivity and internetworking, security is more important than ever (see "Top Security Threats").

Finally, as conditions change, you must be ready to change or revise your policies. Creating your own "Ten Commandments" and engraving them in stone won't work in today's world.

Copyright © 2005 CMP Media LLC, Privacy Policy, Your California Privacy rights, Terms of Service