About the System Policy

When you install Intel® Packet Protect, a System Policy is created for your system.

The System Policy defines a collection of rules that describes the security settings to enforce under certain situations. When a system attempts communication, Intel Packet Protect evaluates a number of things before allowing the communication.

Note: If your system uses Intel® NetStructure Policy Manager, you cannot view or edit information about the System Policy.

The Policy Editor displays the rules that are in your policy. How do I view the Policy Editor?

The System Policy may have only one rule, the Default Rule that is created at installation. Your System Policy may have several additional rules, or even no rules at all.

The following example describes how the policy works:

  1. MySystem attempts to communicate with MyServer with a rule using the 3DES+SHA1+None encryption algorithms.

  2. If a rule match is found, MySystem proposes the security action settings and authentication settings that you defined for that rule. The two systems negotiate the security settings. If that security settings negotiation is successful, the two systems communicate using the agreed upon settings. If that negotiation fails, the communication fails or is allowed unsecured, depending on the if rule fails specification.
    3.  
  3. If a rule match is not found, the system proposes the pre-shared key assigned for that system. It then proposes pre-defined security settings, that is, default security settings that are used for all communications.

Note: If the destination system uses Intel Packet Protect, it also searches its policy for a rule with settings that match. If your system and the destination system have matching rules, the communication is allowed secure according to the specified security action settings.

Click for more information on how Intel Packet Protect works.

Copyright © 2000, Intel Corporation. All rights reserved.

Intel Corporation assumes no responsibility for errors or omissions in this document. Nor does Intel make any commitment to update the information contained herein.

* Other product and corporate names may be trademarks of other companies and are used only for explanation and to the owners' benefit, without intent to infringe.