Premium Essay

Acceptable Use Policy for Wan/Lan Access

In:

Submitted By jmichaelbaker
Words 339
Pages 2
Acceptable Use Policy (AUP) for use of WAN/LAN owned and maintained by Richman Investments

Statement of Policy:
The following Information Technology Acceptable Use Policies and Procedures are to be followed by ALL employees, contractors, vendors, and other authorized individuals who are granted access to any Local Area Network and/or Wide Area Network or other service maintained and provided by Richman Investments or its subsidiaries. It is expected that all departments will enforce these policies. ANY USER FOUND VIOLATING THESE POLICIES OR PROCEDURES WILL FACE PUNISHMENT WHICH MAY INCLUDE DISCIPLINARY ACTION, SERVICE ACCESS TERMINATION, AND/OR LEGAL ACTION.
Users of the any Local Area Network and/or Wide Area Network owned and maintained by Richman Investments understand they are subject to monitoring by the Information Technology department in order to maintain systems security and prevent unauthorized access and usage of equipment. Richman Investments assumes no responsibility for actions performed by users which violate any laws, foreign or domestic. If discovered, these users will be reported to the proper authorities for prosecution.

Prohibited Use of Equipment or System: * No peer-to-peer file sharing or externally reachable file transfer protocol (FTP) servers * No exporting internal software or technical material in violation of export control laws * No accessing unauthorized internal resources or information from external sources

* No port scanning or data interception on the network * No denying service or circumventing authentication to legitimate users * No using programs, scripts, or commands to interfere with other network users

* No remote connections from systems failing to meet minimum security requirements

Violations of Policy:
Actions considered to be violations of policy are any actions which go

Similar Documents

Premium Essay

Defining an Excceptable Use Policy

...CNG-132 Defining and Acceptable Use Policy Acceptable Use Policy An Acceptable Use Policy (AUP), acceptable usage policy or fair use policy, is a set of rules applied by the owner or manager of a network, website, service, or large computer system that restrict the ways in which the network, website or system may be used. AUP documents are written for corporations, businesses, universities, schools, internet service providers, and website owners, often to reduce the potential for legal action that may be taken by a user, and often with little prospect of enforcement. The acceptable use policy (AUP), To fully explain the acceptable use policy would mean to start from the beginning, the user domain. The user domain is the employee or people within an organization who is granted access to the information system for the organization. There are roles and tasks, responsibility, and accountability that go into an acceptable use policy for the user domain. Within the user domain is the access of LAN to WAN, web surfing, and internet. LAN to WAN is the activities between and firewall LAN to WANs, routers, intrusion, detection, and workstations. Web surfing determines what a user can do on company time with company resources. Internet is when the user has access to the internet what types of controls should the organization have on the certain internet sites being accessed. Although they seem to be alike they are their own entity. The LAN to WAN acceptable use Policy will go hand in hand...

Words: 411 - Pages: 2

Premium Essay

Nt 2580 Project Part 1

...employees sign confidential agreement * Introduce an AUP acceptable use policy * Have HR verify an employee’s identity with background checks * Conduct security awareness training * Enable content filtering and antivirus scanning * Restrict access to only info needed to perform job * Track and monitor abnormal behavior of employees Workstation Domain * Implement workstation log on ids and password * HR must define proper access controls for workers based on jobs * IT security must then assign access rights to systems, apps, and data * IT director must ensure workstation conforms to policy * Implement second level test to verify a user’s right to gain access * Start periodic workstation domain vulnerability tests to find gaps * Define workstation application software vulnerability window policy * Use content filtering and antivirus scanning at internet entry and exit * Mandate annual security awareness training LAN Domain * Setup of user LAN accounts with logon ID and password access controls * Make sure wiring closets, data centers , and computer rooms are secure * Define strict access control policies * Implement second level identity check * Define a strict software vulnerability window policy * Use WLAN network keys that require a password for wireless access * Implement encryption between workstation and WAP LAN to WAN Domain * IP routers and ACLs * IP stateful firewalls...

Words: 1912 - Pages: 8

Premium Essay

Define a Lan-to-Wan, Internet, and Web Surfing Aup That Restricts Usage of the Company’s Internet Connection and Permits the Company to Monitor Usage of the Corporate Internet Connection.

...Acceptable Use Policy CSS150-1301B-01 Luz Centeno March 4, 2013 Prof. Cordero Acceptable Use Policy To fully explain the acceptable use policy would mean to begin from the beginning, the user domain. The user domain is the employee or people within an organization who is granted access to the information system for the organization. There are roles and tasks, responsibility, and accountability that go into an acceptable use policy for the user domain. Within the user domain is the access of LAN to Wan, web surfing, and internet. LAN to Wan is the activities between LAN to Wan and firewalls, routers, intrusion, detection, and workstations. Web surfing determines what a user can do on company time with company resources. Internet is when the user has access to the internet what types of controls should the organization have on the certain internet sites being accessed. Although they all sort of are the same they are very much different (Cordero, 2013). For the Lan to Wan AUP will go hand in hand with the roles and tasks parts of the user domain. Users would be given access to certain systems, applications, and data depending on their access rights. The AUP is like a rulebook that employees need to follow when using an organization’s IT assets and if they are violated it could be grounds for termination. The AUP will set grounds on employees to understand that they are responsible for any and all actions on an organization’s IT assets. In particular to organizations...

Words: 771 - Pages: 4

Premium Essay

Is4550 Week 5 Lab

...Audit an Existing IT Security Policy Framework Definition Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: * Identify risks, threats, and vulnerabilities in the 7 domains of a typical IT infrastructure * Review existing IT security policies as part of a policy framework definition * Align IT security policies throughout the 7 domains of a typical IT infrastructure as part of a layered security strategy * Identify gaps in the IT security policy framework definition * Recommend other IT security policies that can help mitigate all known risks, threats, and vulnerabilities throughout the 7 domains of a typical IT infrastructure Week 5 Lab Part 1: Assessment Worksheet (PART A) Sample IT Security Policy Framework Definition Overview Given the following IT security policy framework definition, specify which policy probably can cover the identified risk, threat, or vulnerability. If there is none, then identify that as a gap. Insert your recommendation for an IT security policy that can eliminate the gap. Risk – Threat – Vulnerability | IT Security Policy Definition | Unauthorized access from pubic Internet | Acceptable use policy | User destroys data in application and deletes all files | Backup Recovery Policy | Hacker penetrates your IT infrastructure and gains access to your internal network | Threat Assessment & Management Policy | Intra-office employee romance...

Words: 1625 - Pages: 7

Premium Essay

Nt1310 Unit 3 Assignment 1

...The LAN-to-WAN domain is used to provide internet access for an entire organization and is actually the entry point of the Wide Area Network (WAN). This domain is the IT infrastructure where all the data moves in and out of the organization (Mansfield, 2010). There are many risks and threats that are associated with this domain since an attack can come from inside the network or try entering the network from an outside source. As an Information Systems Security Officer for a medium sized technology firm that has two sites, one in Virginia, and another in California, I am charged with the task of implementing the proper security controls for the organization’s LAN-to-WAN domain as well as propose a series of hardware and software controls which will provide security for these domain. The LAN-to-WAN domain is responsible for receiving a lot of traffic through it and it is therefore vulnerable to numerous risks, threats and other vulnerabilities. The threats from people can emerge from badly configured equipment or those that are not correctly...

Words: 1164 - Pages: 5

Premium Essay

Project Pt 2 It255

...are as follows: User Domain, Workstation Domain, LAN Domain, and LAN to WAN Domain, Remote Access Domain, WAN Domain, and the System/Application Domain. The first part of the IT infrastructure is the User Domain. It is the weakest link in the IT infrastructure and this is where the users connect to the system. You can make the user aware to the risks and threats that they are susceptible to by holding an Awareness Training session. The system is password protected however; you should change passwords every few months to prevent an attack. Also, log the users as they enter and exit the system to make sure there’s no unauthorized access. While it’s the company’s choice to allow employees to bring in USB/Removable drives, you have a threat to someone obtaining the wrong information, or getting malicious software into the system. If you allow the USB/Removable drives, have a virus scan every time someone inserts one into a company computer. In a Workstation Domain, you need to make sure virus protection is set up. You are protecting administrative, workstations, laptops, departmental workstations and servers, network and operating system software. You can enable password protection and auto screen lockout for inactive times, use workstation antivirus and malicious code policies, use content filtering and antivirus scanning at internet entry and exit, and update application software and security patches according to the policies and standards. You need to also make sure that the...

Words: 683 - Pages: 3

Premium Essay

Richman Superviser Briefing

...The first thing to understand is what the standard for “internal use only” is. The definition of “internal use only” is “Information or data shared internally by an organization. While confidential information or data may not be included, communications are not intended to leave the organization.” What does that mean? It means that information being used by this classification is to be created, used, and distributed through the organization and nowhere else. Let’s now explain the technical side of things. The IT infrastructure domains consist of 7 different domains. These domains are user domain, workstation domain, LAN domain, LAN-to WAN domain, remote access domain, system/application domain, and WAN domain. For the use of “Internal use only” classification it should only include the following domains. The following contains information on how “internal use only” classification is affected by these domains. User domain- The user domain is by far the most vulnerable. This domain can be vulnerable by the employee’s actions, emotions, and awareness of company policies and procedures. It is up to the user to use the information correctly not necessarily up to the network protocols in place. The best way to mitigate this issue it to monitor abnormal behavior and have employees understand the company’s acceptable use policy. Workstation domain- The workstation domain is how the user connect to the company’s IT infrastructure. It can be from workstations to personal data assistance...

Words: 510 - Pages: 3

Premium Essay

Nt2580- Project Part 1

...a. This Domain includes Individuals within an organization who access its information. b. An acceptable use policy to define what users can and cannot do with company IT information will be created. c. Managers should review security awareness training and review acceptable use policies with employees periodically. d. Internal CD drives and USB ports will be disabled. e. Content filtering and antivirus scanning on any downloaded media, and emails will be setup. f. Restrict access for users to only applications, data and systems needed to perform their job. g. Monitor and track employee behavior and their use of IT infrastructure during off hours. 2. Workstation Domain a. Systems where most users connect to the IT infrastructure. i. Workstations can be any desktop, laptop, or other device that connects to an organizations network. b. Password protection on all workstations. c. Auto screen lockout for inactive times. d. Strict access control procedures, standards, policies, and guidelines. e. All CD, DVD, and USB ports will be disabled. f. Automated antivirus solution that updates and scans each workstation automatically. g. Vulnerability policies for workstation operating systems and application software 3. LAN Domain a. LAN domain includes both Logical configuration and physical network components. b. Wiring closets, data centers, and computer rooms need to be secured. c. Strict access control procedures, standards,...

Words: 779 - Pages: 4

Premium Essay

Richman Investments

...Richman Investments holds requirements for the usage of the company network including filtering policies for network traffic through an AUP. Acceptable use policy (AUP) would start with the User Domain. The user domain is the employee within an organization who is granted access to the information system for the organization. There are roles and tasks, responsibility, and accountability that go into an acceptable use policy for the user domain. Within the user domain, access to the LAN to WAN, web surfing, and internet could be used help gather information between customers and employees. LAN to WAN is the activities between LAN to Wan and firewalls, routers, intrusion, detection, and workstations. Web surfing determines what a user can obtain on company time with company resources. Internet, is when the user has access to the internet with the types of controls the organization has on the certain internet sites being accessed. Although LAN to WAN, web surfing, and internet have some of the same characteristics, they also have different specific IT infrastructures it affects. . For the LAN to Wan AUP, it will goes with the roles and task parts of the user domain. Users would be given access to certain systems, applications, and data depending on their access rights. The AUP is a more of a rulebook for employees to follow when using the organization’s IT assets. If the AUP is violated, it could be grounds for termination from the company. The AUP will set rules for employees...

Words: 1029 - Pages: 5

Premium Essay

Intro to Info Security Project Part 1

...Conduct security awareness training display security awareness posters, insert reminders in banner greetings, and send e-mail reminders to employees. User apathy toward policies • Conduct annual security awareness training, implement acceptable use policy, update staff manual and handbook, discuss dring performance reviews. Workstation Domain Risk, Threat, or Vulnerability Unauthorized access to workstation • Enable password protection on workstations for access. Enable auto screen lockout for inactive time. Unauthorized access to systems, applications, and data • Define strict access control policies, standards, procedures, and guidelines. Implement a second-level test to verify a user’s right to gain access. Account Policies | Password, lockout, and Kerberos settings. | Local Policies | Audit, user rights, and security options. ("Security Options" consist primarily of security-relevant registry values.) | Event Log | Settings for system, application, security and directory service logs. | Restricted Groups | Policy regarding group membership. | System Services | Startup modes and access control for system services. | Registry | Access control for registry keys. | File System | Access control for folders and files. | LAN Multilayer Security * Coverage considerations for wireless LAN (WLAN) users in a branch office * Distance considerations from the closet to the desk for wired clients * Inline power requirements for all IP phone users...

Words: 726 - Pages: 3

Free Essay

It255 Project

...organization. User Domain At Richman Investments the personnel is accountable for the appropriate use of IT assets. Therefore, it is in the best interest of the organization to ensure employees handle security procedures with integrity. It is essential to create a strong AUP (Acceptable Use Policy) procedure and as part of the process, require employees sign an agreement to guarantee they understand and conform to implemented rules and regulations. In addition, the company will conduct security awareness training, annual security exercises, notices about securing information, and constant reminders security is everyone’s responsibility. Workstation Domain The plan to secure the workstation domain enforces a strong password policy on each workstation and also enables screen lockout protection for inactive times. Keeping all workstations with an up to date antivirus is essential. Furthermore, content filtering features will arrange access of specific domain names according to AUP definitions. In addition, workstations will have up-to-date application software and security patches conferring to company guide lines. As part of the workstation security strategy IT will disable the auto-play feature and will enable automatic scan for any external devices that may be connected to the machine. This measure will ensure the content is secure. LAN Domain A priority to the LAN domain...

Words: 779 - Pages: 4

Premium Essay

Richman Investment Sscp

...SSCP for Richman Investments Security Plan Outline for Richman Investments User Domain • Restrict access to data and applications that is not required for employee to do their job. • Review and Revise user conduct and security polices every six months. • Conduct annual security training seminars with system users and staff.   Conducting annual security training for the user in the user domain will cover the Acceptable Use Policy (AUP) for which users will be informed of what is and what is not acceptable use of the system. Workstation Domain • In house testing of operating system updates prior to user workstation deployment. • Strict access control policies and procedures for user access to system and data. • 72 Day password renewal for workstation and 180 day user password renewal. • Content filtering and anti-virus scanning of all incoming data. Quarantine of unknown file types. Securing a user workstation with approved updates will help prevent potential system corruption and in house data from being exposed. LAN Domain • Proper identification and two key turners to be granted access to Data Centers and wiring closets with 24/7 CCTV monitoring. • Periodic LAN vulnerability assessments.     Keeping our LAN under lock and key prevent tampering of with the networks hardware. Access to the LAN devices is the easiest way to compromise a network. LAN to WAN Domain • Disable ping, probing, and port scanning of exterior devices. • Strict monitoring for intrusion...

Words: 308 - Pages: 2

Premium Essay

Project 1

...hardware, software, and data they use. The user domain is the weakest link in an IT infrastructure. Conduct annual security awareness training, implement acceptable use policy, update staff manual and handbook, discuss during performance reviews. 2. Workstation domain: * Roles, tasks, responsibilities and accountability come into play in the workstation domain. Enabling password protection on workstation for access. Enable auto screen lockout for inactive times. 3. LAN domain: * Small network organized by function or department, allowing access to all resources on the LANs. Using NIC cards, Ethernet LAN, LAN switch, UTP cabling are just some ways in connecting to a network. Implementing LAN server and configuration standards procedures and guideline can help a lot in security. 4. LAN-to-WAN domain: * The point at which the IT infrastructure joins a WAN and the Internet.LAN to WAN use different protocols for data transfer. Some are HTTP, FTP, TFTP, Telnet and SSH. A complete list of well know ports numbers from 0 to 1023 is maintained by IANA. Applying file transfer monitoring, scanning and alarming for unknown file types from unknown sources would be a form of security. 5. WAN domain: * The point at which the WAN connects to other WANs via the Internet. What goes on with the WAN domain goes through IP firewalls, IP routers, VPNs, MPLS and more. Encrypting confidential data transmissions though service provider WAN using VPN tunnels could help...

Words: 366 - Pages: 2

Free Essay

It255 Project Part 1

...shortly. This is just a basic plan for the moment and if security breaches continue, more stringent policies will be installed. The Seven Domains of a typical IT infrastructure are as follows, with the corresponding security proposed for each domain. 1.) User domain proposal: Track and monitor abnormal employee behavior and use of IT infrastructure during off-hours. Begin IT access control lockout procedures based on Acceptable use policy (AUP) monitoring and compliance. 2.) Workstation Domain proposal: Use workstation antivirus and malicious code polices, standards, procedures, and guidelines. Enable an automated antivirus protection solution that scans and updates individual workstations with proper protection. 3.) LAN Domain (including wireless LANs) proposals: Implement encryption between workstations and Wireless Access Points (WAPs) to maintain confidentiality. 4.) LAN-to-WAN Domain proposal: Conduct post configuration penetration tests of the layered security solution within the LAN-to WAN Domain. Test inbound and outbound traffic and fix any gaps. 5.) Remote Access Domain proposal: Apply first-level (i.e., user ID and password) and second-level (i.e., tokens, biometrics, and smart cards) security for remote access to sensitive systems, applications, and data. 6.) WAN Domain proposal: Scan all e-mail attachments for type, antivirus, and malicious software at the LAN-to-WAN Domain. Isolate and quarantine unknown file attachments until further security review is conducted...

Words: 335 - Pages: 2

Premium Essay

Network Security Plan

...involved with any network, good planning and policies put into place can mitigate security flaws. The multi-layer security solution can be a useful guideline to start and sustain these security measures within the company. The following topics for security planning will be discussed in a brief and general detail are; User Domain, Workstation Domain, LAN Domain, LAN-to-WAN Domain, Remote Access Domain, WAN Domain, and System/Application Domain. There are many different and unique threats to all domains listed; this report only covers a small portion of ways to mitigate such threats, risks, and vulnerabilities. User Domain In the first layer of the multi-layer security is the user domain. For any user within the company accessing the network on any given workstation or portable device, that user is subjected to the acceptable use policy (AUP). Users are the greatest risk to any network and proper assessment of user policies and the Global Policy configurations need to be well thought out and enforced by these policies. Under this AUP, if violated can be subjected to employee dismal or grounds for punishment actions. Users can be disgruntled employees and can cause serious issues to the network if they have access to sensitive information. (Waxer, 2007) The need to have the IT department working hand to hand with the HR department for quick solutions when dealing with a ex-employee. The IT department can instantly revoke or deny access to any system on the network. The...

Words: 1254 - Pages: 6