Company Security Policies – CompTIA Network+ N10-006 – 4.8

Companies rely on security policies for their WAN to manage and secure traffic flows. In this video, you’ll learn about traffic blocking policies and traffic throttling technologies.
<< Previous: Troubleshooting Customer Premise EquipmentNext: Understanding the OSI Model >>

On the inside of your local area network you have a relatively large amount of bandwidth, and we tend to trust the users that are on our local networks. When you’re communicating, though though, out over the WAN, you lose a lot of that trust. And you also have limitations on the amount of bandwidth available. Because of that, security policies become very important in wide area networks.

The idea of allowing or blocking certain kinds of traffic over a wide area network tend to be more of a philosophical conversation. Different organizations like to do things different ways. If you are a school or university and there are a lot of people doing research, you tend to have a more open wide area network. If you’re a private organization, you might have a very different set of security policies.

Some of the policies might be based around what to block and how the block it. You may be blocking traffic based on a URL. It might be based on the type of applications that are going over the wide area network. Or you may decide that certain users or certain groups of users may have access to different kinds of information over the wide area network.

Another philosophy is that you block everything and you only enable access to sites that are specifically allowed for your organization. This is obviously going to require a good bit of administration, because somebody’s going to need to add every single location the people need to communicate with.

Perhaps a more common way of communicating over these wide area networks is that you allow all traffic to pass, except for certain sites where you’ve made an exception. And in those cases you would be setting up blocks based on URLs, categories or applications, or some other criteria. This certainly makes things easier to administer, but it could be argued that it makes it a bit less secure as well.

One of the challenges we have with wide area networks is that we only have a certain amount of bandwidth available to use. And unfortunately a number of our modern applications like to use a lot of bandwidth. So now administrators tend to throttle traffic that’s going over the network.

And you can usually do this with firewalls or routers or specialized quality-of-service devices that you can have in line with all your network traffic. This means that you can still allow all of this traffic to pass over the wide area network, but you can limit the impact that a type of application might have on all of the other traffic going over the WAN.

A good example of this might be controlling how much streaming media is going over that wide area network connection. You may want to allow access to YouTube, but provide an additional priority for traffic that is mission critical. That way your mission-critical data still gets through, but everybody still able to watch their YouTube videos.

There’s a concept with wide area network providers called the “fair access policy,” where the provider is providing exactly the same access to everybody who’s using the network. This, of course, tends to break down a bit when you consider that a small number of users are actually using the most amount of bandwidth across the network. So this is where internet service providers start to use technologies like quality of service and traffic prioritization to allow everyone to gain access to all of the resources across the network.