On completing this chapter, you will be able to
Explain the purpose of a security policy
Write your own security policies
Describe the importance of a security policy
If a company wants to adequately protect its network, it must implement a security policy. It is important to establish a good balance between the level of security and the ability of users to get to the information they need. The most secure PC is the one that is not connected to a network, but the problem with this approach is that nobody can access the data. This chapter provides guidelines for developing a security policyhow to define it, develop it, adopt it, and enforce it with users. Cisco has developed a security wheel (see Figure 5-3 and the accompanying discussion) to illustrate the process that a company has to undertake to have a proper security policy. With a security policy alone, you are nowhere. That policy needs to be implemented, monitored, tested, and improved all the time.
Over the past years, Internet-enabled business has changed drastically. E-business applications such as e-commerce and remote access enable companies to streamline processes, lower operating costs, and increase customer satisfaction. Applications for e-commerce require mission-critical networks that accommodate voice, video, and data traffic. These networks must be scalable to support an increasing number of users as well as increases to capacity and performance. However, as networks grow to accommodate the applications that are available to increasing numbers of users, they become even more vulnerable to a wider range of security threats. To combat these threats, security technology must play a major role in today's networks.
The closed network shown in Figure 5-1 typically consists of a network designed and implemented in a corporate environment and provides connectivity only to known parties and sites without connection to public networks. Networks were designed that way in the past and were reasonably secure because of no outside connectivity.
As shown in Figure 5-2, today's networks are designed with availability to the Internet and public networks. Most of today's networks have several access points to other networks both public and private; therefore, securing these networks has become fundamentally important. With the development of large, open networks over the past 20 years, there has been a huge increase in security threats. Security threats have increased not only because hackers have discovered more vulnerabilities, but also because hacking tools have become easier to use and the technical knowledge simpler to learn.
Security has moved to the forefront of network implementation and management. Allowing open access to network resources and ensuring that the data and resources are as secure as possible is necessary for the survival of many businesses. The need for security is becoming more important because of the following:
It is required for e-business. The importance of e-business and the need for private data to traverse public networks has increased the need for network security.
It is required for communicating and doing business safely in potentially unsafe environments.
Networks require development and implementation of a corporate-wide security policy. Establishing a security policy should be the first step in migrating a network to a secure infrastructure.
![[View full size image]](/image/library/english/13756_05fig01_alt.gif;380136){kind=link}
![[View full size image]](/image/library/english/13756_05fig02_alt.gif;380136){kind=link}