Security Policy Enforcement; Managing Im/P2P Applications; Why Bother With Managing Im/P2P Applications - ZyXEL Communications ZYWALL 1050 Support Notes

2. Security Policy Enforcement

What is a security policy?
Security policy, in the context of information security, defines an individual or an object's
access privilege to information assets which are very important for the company. If the
security policy is not considered and deployed well, the impact on the company will be
massive. We can say that it is a mandatory process to protect the information assets.
For example, ZyCompany doesn't want their guests or vendors to be able to access their
internal network but allows them to access Internet in case they have to get some information
from outside, i.e. access their company's email. Therefore, ZyCompany defines a security
policy - outsider can use 'guest/guest1234'to access Internet through wireless access, but it is
forbidden for them to access company's Internal resource, like talk to LAN PC, access the
DMZ servers, or access the branch office's data through VPN's environment.
What your business can benefit from deployment of security policy?
Deploy security policy well can not only protect company information assets, but also
increase overall productivity, mitigate the impact of malicious application or misuse, and
support regulatory compliance.

2.1 Managing IM/P2P Applications

2.1.1 Why bother with managing IM/P2P applications?

Because some virus/exploits which may cause security breaches are transmitted via
IM/P2P applications, managing IM/P2P application well can mitigate security breaches.
Besides, restricting access to IM/P2P applications can help employees focusing on his/her job
to increase productivity and reduce misuse of network resources, e.g. bandwidth.
All contents copyright (c) 2006 ZyXEL Communications Corporation.
ZyWALL 1050 Support Notes
170