The security of a network depends heavily on the ability to manage the available security mechanisms effectively and efficiently. Concepts are needed to organize the security management of large networks. Crucial is the possibility to cope with frequent changes of the configuration and with the complexity of networks consisting of thousands of users and components. In the presented concept the network is divided into several administrative domains that are managed rather independent from each other. Each domain defines its own security policy. These are combined giving the global security policy. To enforce it, different security mechanisms -both network based and host based - can be used. Their configuration can be derived from the global security policy automatically.
展开▼