Network security policies, Policy design – Extreme Networks Summit 300-48 User Manual
Page 87
Network Security Policies
Summit 300-48 Switch Software User Guide
87
Network Security Policies
Network security policy refers to a set of network rules that apply to user access. You can base the rules
on a variety of factors, including user identification, time and location, and method of authentication. It
is possible to design network security policies to do all of the following:
•
Permit or deny network access based on location and time of day.
•
Place the user into a VLAN based on identity or authentication method.
•
Limit where the user is permitted to go on the network based on identity or authentication method .
Policy Design
When designing a security policy for your network, keep the following objectives in mind:
•
Make each wired and wireless client as secure as possible.
•
Protect company resources.
•
Make the network infrastructure as secure as possible.
•
Be able to track and identify wired and wireless rogues.
To achieve these objectives, it is necessary to work within the constraints of your environment:
•
Technology of all the clients
—
802.11 radio technology (b, a, g, a/b, a/g)
—
Operating system (W2K, XP, Pocket PC, ….)
—
Client readiness for 802.1x; client upgrades
•
Authentication servers available or planned
—
Operating System Login only (i.e. Domain Access, LDAP)
—
RADIUS for Users
—
PKI Infrastructure
•
Nature of the user population
•
Ability to divide users into meaningful groups
•
Network resources required by users
•
Desired access restrictions based on resources, locations, times, and security level
•
Acceptable level of network management and user training
•
Anticipated changes in the network