Alcatel-Lucent ics dissolvable agent for safeguard User Manual
ICS Dissolvable Agent for SafeGuard Administration Guide
16
Chapter 3: General Administration Tasks
Planning for Security
This chapter provides information about the general administration of ICS. Before you
start to configure and administer ICS, you should consider which security features you
want to use and how they will affect your users. You should balance security with the
ability of your users to access your network. If you implement a large number of security
requirements, then you will achieve high security; however, if the end point computers
do not comply, then your users will not be able to access your network. This can cause a
considerable support burden and negatively impact productivity. Alternatively, if you
configure ICS to be too lenient, you might not achieve the level of security you need.
start to configure and administer ICS, you should consider which security features you
want to use and how they will affect your users. You should balance security with the
ability of your users to access your network. If you implement a large number of security
requirements, then you will achieve high security; however, if the end point computers
do not comply, then your users will not be able to access your network. This can cause a
considerable support burden and negatively impact productivity. Alternatively, if you
configure ICS to be too lenient, you might not achieve the level of security you need.
When planning your implementation, be sure to take into account your particular
security situation. ICS provides a variety of features to suit different needs. Depending on
your security goals and your users, you may use only a portion of those features. Use the
information in
security situation. ICS provides a variety of features to suit different needs. Depending on
your security goals and your users, you may use only a portion of those features. Use the
information in
, to determine which features are suitable for
your implementation.
Even if you find that you need a very secure, very restrictive security implementation, it
may not be a good idea to immediately impose it upon your users. The recommended
way to achieve high security with lower user impact is to start with a less demanding
configuration and then implement progressively more strict configurations in an iterative
manner. The process you use to manage these iterative configurations is called a ‘security
lifecycle’. For more information, see
may not be a good idea to immediately impose it upon your users. The recommended
way to achieve high security with lower user impact is to start with a less demanding
configuration and then implement progressively more strict configurations in an iterative
manner. The process you use to manage these iterative configurations is called a ‘security
lifecycle’. For more information, see
Security Scenario
ICS is designed to provide flexible configuration options that allow you to tailor its
protection to your security needs. When deciding which ICS security solutions to use you
should consider the following:
protection to your security needs. When deciding which ICS security solutions to use you
should consider the following:
■
Security vulnerabilities
■
Threats
■
Type of end point users and disruption tolerance
Use the following full network access security scenario to help plan your
implementation. In this scenario, you are providing end point users with unlimited
access to your entire network.
implementation. In this scenario, you are providing end point users with unlimited
access to your entire network.
Vulnerabilities
In this scenario, your entire network is vulnerable, including:
■
Network resources
■
File servers
■
Application servers