Enforcing security policies in large scale communication networks

Due to unexpected network interconnection growth, the security of technological and information infrastructures is becoming difficult to be managed and controlled. In addition, security is becoming more and more crucial for an organisation´s information systems operation. The management of an organisation has to establish rules and regulations in order to face the threats that its information systems face. The network manager is obliged to enforce the regulations that senior management addresses. We propose a framework that a network manager could use in order to effectively enforce security policies. In addition, we present a scalable security management architecture suitable for TCP/IP networks. The communication of systems´ logical components is based on the use of the SNMP protocol. Finally, the system includes facilities for collecting and efficiently storing raw and aggregate historical security management information in a temporal database for off-line analysis