The design of an enterprise network security system presents a great challenge because of the complexity of networking environments and variation in design objectives. The design of a high performance and manageable enterprise network security system presents an even greater challenge. Such a system, however, would not only reduce the overall cost of system administration and user management, but also enhance the effectiveness of the security mechanisms due to the decrease in the number of mistakes that the security system administrators might make. Systems too complex and too cumbersome to manage achieve only part of the objectives for an enterprise network security system at best. We present the design of an enterprise network security system developed in MCI to protect network elements from user access in which performance and manageability are among the most important criteria that measure the success of the development. We describe the environment, the requirements and the design considerations as well as the mechanisms used in the design and development to achieve the objectives. A number of specific design decisions are discussed that help make the security system easier to manage and, at the same time, improve the performance of the security operations.