Firewall Fundamentals

The term security policy has a number of meanings in the industry. On one hand, it refers to the written policies that dictate how the organization manages the security of their resources. On the other hand, it refers to the actual configuration of the device in question, such as with an access control list (ACL).

This chapter looks at both forms of security policy as they relate to firewalls:

• The written security policies (sometimes referred to as information security policies) that define what the security objectives for the organization (including their firewalls) are

• The ingress-and egress-filtering and management policies (sometimes referred to as firewall policies or the firewall ruleset) that define the actual configuration of the device