Chapter 14: Creating a Security Policy

Introduction

This chapter covers an important topic, which is how to define a security policy. This is something you need to do early on so that you can find the right solution for your specific environment. Once you determine how you want to enforce security in your company, then you will know whether you really need to spend the time and effort involved in setting up user authentication, or whether you'd rather use your existing Lightweight Directory Access Protocol (LDAP) server, which would save you a lot of trouble. Once you have created a security policy for your company and have planned to introduce security into your network, choosing your implementation strategy should be fairly straightforward.

We will also discuss how to implement your policy into the FW-1 Policy Editor. Of course, if you are using private IP addresses inside your firewall, then you may need to run Network Address Translation (NAT) before you can put your firewall in place, but this chapter will get your firewall ready to enforce your policy and start passing packets in your network.

We will walk you through the setup of a Firewall object, and a step-by-step procedure of adding the services outlined in your information security policy into the FW-1 Policy Editor interface. Then we'll discuss some additional ways in which to manipulate your rules as well as how to finally install your policy so that it is enforced.