Security Strategies

In order for the PIX to protect a network, managers and administrators must figure out what type of security strategy to employ. Do we deny everything that is not explicitly permitted, or do we allow everything and deny only certain things? The security policy is the most important element when designing a secure network. Without a policy, the necessary devices and configurations cannot be implemented properly. The security policy should aim for a balance between security and cost/productivity. It is impossible for a network to be totally secure; the security policy should reflect the risks of a potential security incident that the company is willing to take. For example, by allowing users the ability to browse Web sites to perform research on the Internet, a company opens itself up to numerous security risks that can be exploited. Weigh this against restricting access to browsing Web sites in a company that relies heavily on that information to function. If the security policy is designed and implemented properly, these risks will be minimal. Once a security policy has been established, a firewall can then be used as a tool to implement that security policy. It will not function properly at protecting your network if the security policy is not carefully defined beforehand.