Chapter 8. Policy

Previous chapters mentioned that policy determines the security services afforded to a packet and the treatment of a packet in the network. However, the issues of policy representation and the management of IPSec connections were not discussed. We will address some of these issues in this chapter.

Policy is difficult to describe and define. It is the fuzzy middle between a human desire (“I want to encrypt and authenticate all access that my subcontractors have to my network”) and a machine's definition (“encrypt tcp packets from 10.3.86.5 to 10.4/16 with CAST and authenticate them with HMAC-SHA”). Because it is the security interface between human and computer, it is extremely important. The transition from human to computer ...

Get IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks, Second Edition now with O’Reilly online learning.
