Implementing Network Border Security

The Internet and the company intranet are both insecure environments. When an organization connects to the Internet or creates an internal intranet with segments that maintain confidential information, it puts its internal information at risk. Both situations call for secure, controlled access and increased security to protect valuable corporate information. The first step in implementing network security is to establish a security policy.

This section contains the following subsections:


Security Policy Guidelines

Using Novell BorderManager 3.8 to secure your network borders is just one of several steps required to implement network security at your company. Implementing a secure network takes a great deal of planning and cooperation from the employees at your company. To successfully implement a secure intranet, you must create a security policy. Creating a security policy can be a long, complex process, but it is essential to the success of creating a secure network. Although technology cannot guarantee a completely secure system, you can take steps to prevent the misuse of data and systems in your organization.

A security policy should be a guideline for all employees and administrators in your organization. It should consist of a set of rules expressing the goals you want to meet in securing and controlling access to your networks. The policy you implement depends on the technologies available to you to carry out the rules you establish.

Follow these general guidelines when writing your security policy:


Deciding What to Include in a Security Policy

Consider the following general issues when deciding what to include in your security policy. You might need to add to this list, based on conversations with staff and administrators in your organization. Your security policy should include rules for the following:

IMPORTANT:  The preceding list is not comprehensive; rather, it gives you a general idea of the issues you need to address and provides a starting point for your security policy. Refer to the available information on Internet security, both online and in bookstores, for more details about designing a complete and comprehensive security policy for your network.


Creating a Security Policy

To create a security policy:

  1. Research potential security policies using sources available on the Internet, as well as published material.
  2. Determine the following information about your organization:

  3. Determine how the policy can be changed in the future. Specify how new technology and requirements will be incorporated into your organization and the security policy.
  4. Analyze the security policy with regard to risk and cost. This process can become very analytical and might be better accomplished by hiring a consultant.
  5. Publish the security policy. Make sure that all employees read and understand both the policy and their responsibilities.
  6. Implement the policy. This involves implementing the firewall and enforcing the guidelines established by the security policy.
  7. Enforce the policy. The policy is useless if you do not make sure it is being adhered to by all concerned.
  8. Review and update the security policy on an ongoing basis to deal with new issues and changes to the network.

IMPORTANT:  This information is a guide only and is not meant to provide all the data you need to create a corporate security policy. For more information on network security and implementing a security policy, read one of the many third-party publications that provide detailed information on this subject.


Establishing a Security Policy Using Novell BorderManager

You can control access to a Novell BorderManager 3.8 security on your network by implementing the following rules: