Table of Contents
Advertisement
The Nokia IP60 Firewall Security Policy
This chapter includes the following topics:
The Nokia IP60 Firewall Security Policy ................................................ 232
Default Security Policy ............................................................................ 233
Setting the Firewall Security Level ......................................................... 233
Configuring Servers ................................................................................. 236
Using Rules ............................................................................................. 238
Using Port-Based Security ....................................................................... 247
Using Secure HotSpot.............................................................................. 251
Using NAT Rules .................................................................................... 255
Using Web Rules ..................................................................................... 261
The Nokia IP60 Firewall Security Policy
What Is a Security Policy?
A security policy is a set of rules that defines your security requirements, including (but not limited to)
network security. By themselves, the network security-related rules comprise the network security policy.
When configured with the necessary network security rules, the IP60 appliance serves as the enforcement
agent for your network security policy. Therefore, the IP60 appliance's effectiveness as a security solution
is directly related to the network security policy's content.
Security Policy Implementation
The key to implementing a network security policy is to understand that a firewall is simply a technical tool
that reflects and enforces a network security policy for accessing network resources.
A rule base is an ordered set of individual network security rules, against which each attempted connection
is checked. Each rule specifies the source, destination, service, and action to be taken for each connection.
A rule also specifies how a communication is tracked, logged, and displayed. In other words, the rule base
is the implementation of the security policy.
Security Policy Enforcement
The IP60 appliance uses the unique, patented INSPECT engine to enforce the configured security policy
and to control traffic between networks. The INSPECT engine examines all communication layers and
extracts only the relevant data, enabling highly efficient operation, support for a large number of protocols
and applications, and easy extensibility to new applications and services.
Planning the Nokia IP60 Firewall Security Policy
Before creating a security policy for your system, answer the following questions:
Which services, including customized services and sessions, are allowed across the network?
Which user permissions and authentication schemes are needed?
Which objects are in the network? Examples include gateways, hosts, networks, routers, and
domains.
Which network objects can connect to others, and should the connections be encrypted?
232
Nokia IP60 Security Appliance User Guide
Advertisement
Table of Contents
Troubleshooting
