You have two primary security policies to use as a baseline in designing your security policy. The first is the closed security policy, also known as the minimalist security policy. The other is an open security policy, also known as generally a bad idea.
The closed security policy is based on the premise that by default all access is denied, and only access that is explicitly required will be permitted. The benefit of this approach is that the security policy will be designed only to allow access that has been explicitly granted. This security policy is frequently implemented when dealing with granting access from an untrusted source to a protected system (sometimes referred to as ingress filtering). The drawback of this system is the same as its strength, however. Because the default action is to deny traffic, it can be a time-consuming process to identify, configure, and maintain the list of exceptions that must be permitted.
At the other end of the spectrum is the open security policy. It takes the exact opposite approach, by default granting all access and denying only the traffic that is explicitly configured to be denied. This type of security policy is frequently implemented for granting access from a trusted network to external systems (sometimes referred to as egress filtering). The benefit of this system is that it generally takes little to no configuration to allow systems to traverse the firewall and access resources. As a result, many firewalls by default apply this methodology to traffic that is sourced from the internal network to external networks such as the Internet. Although convenient, it is incredibly insecure because the firewall will allow legitimate and malicious traffic out with equal ease. Consequently, it is not recommended that you implement a firewall that is configured in this manner. Although more convenient, the risk is simply too great for most environments.
Was this article helpful?
Struggling to Optimize Your Site for the Search Engines? Uncover What You Need to Know to Perform Basic SEO on Your Site, and Help Get it Listed in the Powerful Search Engines. Are YOU Ready to Climb Your Way Up The Search Engine Rankings and Start Getting the FREE Traffic You're Looking For? Hundreds of places claim they can give you top rankings, but wouldn't you rather just learn how to do it on your own so you can repeat the process on any future site you build?