5.1. Defining an Access Control Policy

During the system analysis phase, you had to define what types of Internet traffic were required to fulfill business functions, as well as other, noncritical but acceptable traffic that is to be permitted. Once you have defined the types of traffic, you combine them with how and when that traffic should be allowed (known as the context) to create your access control policy. An access control policy is simply a corporate policy that states which types of access are allowed across an organization's network perimeters. For example, your organization may have a policy that states, "Our internal users can access Internet websites and FTP sites or send SMTP mail, but we will only allow inbound SMTP mail from the Internet to our internal ...
