Acceptable Use Policy/Remote Access Standard Outline
This Acceptable Use Policy/Remote Access Standard grants users the right to access the network of Richman Investments and binds each user to abide by the agreements for network access set forth below.
The use of peer-to-peer file sharing or externally reachable file transfer protocol (FTP) servers is strictly forbidden.
Downloading executable programs or software from any websites, even known sites, will not be tolerated.
The user will not redistribute licensed or copyrighted material without first receiving authorization.
Introduction of malicious programs into networks or onto systems will not be tolerated.
Do not attempt to gain access to unauthorized company resources or information from external or internal sources.
Sending unsolicited e-mail messages or junk mail to company recipients is prohibited.
There will be no accessing of adult content from company resources.
Flash drives for personal use are strictly forbidden.
Remote connections from systems failing to meet minimum security requirements will not be allowed.
Downloading of any external software (e.g. games, e-books) is strictly prohibited.
Access to social media websites such as Google, Facebook and Twitter is prohibited on company resources.
Internet use will be monitored by the company LAN group.
Access to company email is allowed but will be screened by the network administrator.
1) Secure Access via VPN
Access from remote users to the corporate network will be via secure IPSEC VPN or SSL VPN connections only. This is necessary to secure the connection from the remote device to the corporate network.
• Wired Equivalency Protocol (WEP) will be used as standard on Wi-Fi connections.
• A WEP encryption key will be used.
• The power of access points will be turned down to a minimum that still allows the access point to function.
• Due to the possibility of cracking Wireless Encryption Protocol using sniffing software such as AirSnort (a free Linux and Windows utility used for decrypting WEP encryption on an 802.11b network), all wireless access points will be outside the firewall.
• Wi-Fi Protected Access (WPA) will be used where it is available.
1A) Remote Device Protection
To prevent remote PCs, laptops, PDAs, etc. from compromising the corporate network, security software will be installed on the devices.
• Firewall software will be installed on the devices to prevent them from being compromised by Trojans and other backdoor software.
• Anti-virus software configured to automatically download the latest virus signatures will be installed and utilized.
1) Prevention of Data Loss
All laptops and PDAs that are taken off site will have the following security configured to prevent data loss in the event of theft.
• The hardware password will be enabled if available.
• All corporate data on the laptop or PDA will be encrypted using appropriate encryption software.
• Sensitive documents will be accessed remotely and not downloaded to the laptop or PDA.
2) User Domain
a. Use security awareness training to instruct employees on Richman Investments security policies.
b. Audit user activity.
3) Workstation Domain
a. Use antivirus and anti-malware programs on each user computer.
b. Implement strict access privileges to corporate data.
c. Deactivation of media ports.
4) LAN Domain
a. Utilizing network switches.
b. Utilize encryption on wireless access points.
c. Secure server rooms from unauthorized access.
5) LAN to WAN Domain
a. Close off unused ports via a firewall to reduce the chance of unwanted network access.
b. Monitor inbound IP traffic, more specifically looking for inbound transmissions that show signs of malicious intent.
c. Run all networking hardware with up-to-date security patches and operating systems.
6) WAN Domain
a. Enforce encryption and VPN tunneling for remote connections.
b. Configure routers and network firewalls to block ping requests to reduce the chance of Denial of Service attacks.
c. Enforce antivirus scanning of email attachments.
d. Isolate malicious software (viruses, Trojans, etc.) when found.
e. Deploy redundant internet connections to maximize availability.
7) Remote Access Domain
a. Establish strict user password policies, as well as lockout policies to defend against brute force attacks.
b. Require the use of authorization tokens, and have a real-time lockout procedure if a token is lost or stolen.
c. Encrypt the hard drives of company computers, laptops and mobile devices to prevent the loss of sensitive data.