"Policy-based security management" refers to the application of a governing set of rules at strategically located points (chokepoints) for the purpose of enforcing security boundaries between two or more networks, such that only those events meeting certain criteria may pass between them, while all other events are denied passage. For network operations, this filtering process selectively discards packets in order to control access to a network, or to resources such as files and devices. Variations and improvements of this basic theme have resulted in devices known as firewalls today--network components that provide a security barrier between networks or network segments. Much like a guard at a checkpoint, the firewall strictly enforces rules specified within an established policy for what shall pass on a case-by-case basis. The policy may alternatively dictate that other actions may apply as well, such as logging the event and/or sending an urgent electronic mail message notifying appropriate personnel of the event.
Security professionals consider firewalls to be essential in the protection of an enterprise's private network or virtual private network from access to computers by unauthorized personnel or "hackers." Like any security measure, however, firewalls are not foolproof. Firewalls provide no protection for traffic routed around them, as is often the case when modems are used while connected to internal networks; i.e., circumvention of the firewall through unprotected channels, such as through telephone lines or extensions normally used for voice or fax. Clearly, there is a need for a system and method for controlling access to an enterprise's network through telephony resources that otherwise cannot be sufficiently protected by traditional firewall technology.
In addition to security needs relevant to computer networks, there are issues in the toll fraud, phone misuse, call accounting and bill reconciliation arenas that warrant similar protections. Currently, a need exists to address the full spectrum of security issues across an enterprise that may span the entire globe. A need exists for a scalable and manageable system and a method for controlling and logging access to an enterprise's telephony resources.