Week 2 Essay
Johnathan Terrance
NT2580: Introduction to Information Security
Brian Alley
May 10, 2014

I have been given the task of designing a remote access control policy for establishing secure access between remote offices across several different states. Establishing this policy will protect the company and employees against attacks that may cost them tons of money and even their jobs. The policy will define several different security practices that employees need to adhere to in order to keep the network safe. These policies will be dictated through an AUP and signed by all employees with access to the network. The employees will also have to go through initial information security training before gaining access to the network. This training will also be required annually in order to maintain their access to the network. The AUP will dictate the requirements for passwords. The requirements will include an eight character alphanumeric password, two uppercase letters, two lowercase letters, two special characters, and two numbers. This will make it more difficult for the password to be breached. The AUP will also state that the company systems will only be used for work related purposes. All social networking sites and many other miscellaneous sites will be blocked. The user will also have to consent to monitoring when signing the AUP. Users will only be given access to files they need through the use of an ACL. This way if a password is breached the hacker will only gain access to a certain section of information rather than the whole system. All remote employees will have to sign on to the network via VPN. This will ensure that the connection between them and the network is a secure one. Employees connecting through VPN will have to use a smartcard and pin in order to access the network. Employees will also be encouraged not to use public Wi-Fi