Managing network security-a pragmatic approach

Abstract

An efficient management is needed to make use of different security mechanisms in large networks. All mechanisms have to be configured consistently according to the security policy. To reduce complexity, the administrator should not have to cope with details not important for him. In the presented concept the network is divided into several administrative domains which are managed rather independently from each other. Each domain maintains its own network access control policy (NAP). The enterprise-wide policy is a combination of all NAPs. It is enforced by different security mechanisms and configuration can be derived from the global access policy automatically. Existing security mechanisms can be integrated by simply adding a policy transformation unit.