Chapter 10. Firewall Security Policies
The term security policy has a number of meanings in the industry. On one hand, it refers to the written policies that dictate how the organization manages the security of their resources. On the other hand, it refers to the actual configuration of the device in question, such as with an access control list (ACL).
This chapter looks at both forms of security policy as they relate to firewalls:
The written security policies (sometimes referred to as information security policies) that define what the security objectives for the organization (including their firewalls) are
The ingress-and egress-filtering ...