During the requirements meeting, Hugh McBride stated his top five concerns. They are:
dedicated IP address for the company’s website. If McBride elects to host its website with
Yahoo, MSN, etc., we must request a Private Key and Certificate Signing Request. The
Private Key must be kept safe, and the Certificate Signing Request is required by the
Certificate Authority during the registration process. Upon completion and confirmation
of Hugh McBride’s identity by the Certificate Authority, a CRT file will be provided.
McBride must provide the KEY and CRT file to the web host for installation of the SSL certificate.
coupled with the eEye Security Management Appliance 1505. Retina provides Network
vulnerabilities plus zero day threats. Network Discovery and Patch Assessment discovers
all devices, operating systems, applications, patch levels and policy configurations.
Finally, the All-In-One Enterprise Security Management couples everything you need
and maintaining logical network connection. With this connection, packets constructed in
a specific VPN protocol format are encapsulated within some other base or carrier
protocol. The packets are transmitted between a VPN client and the server, finally de-
encapsulated on the receiving side. While inside the VPN service, your IP address is
anonymous. The service hides your IP address behind its secured servers.
4. Secure Wi-Fi – Regardless of which wireless router you choose to use, a few simple steps
must be taken. First, change all default passwords and the default Service Set Identifier (SSID).
Filter wireless connections by MAC address only. Finally, disable SSID
broadcasting. To protect your wired internal network from threats coming over the
wireless network, create a wireless DMZ or perimeter network that's isolated from the
LAN. That means placing a firewall between the wireless network and the LAN. Then
you can require that in order for any wireless client to access resources on the internal
network, he or she will have to authenticate with a remote access server and/or use a
VPN. This provides an extra layer of protection. The typical 802.11b WAP transmits up
to about 300 feet. A directional antenna will transmit the signal in a particular direction,
instead of in a circle like the omni-directional antenna that usually comes built into the
WAP. Thus, through antenna selection you can control both the signal range and its
direction to help protect from outsiders. In addition, some WAPs allow you to adjust
signal strength and direction via their settings. Transmit on a different frequency. One
way to "hide" from hackers who use the more common 802.11b/g wireless technology is
to go with 802.11a instead. Since it operates on a different frequency (the 5 GHz range,
as opposed to the 2.4 GHz range in which b/g operate), NICs made for the more common
wireless technologies will not pick up its signals. Sure, this is a type of "security through
measures. After all, security through obscurity is exactly what we advocate when we tell
people not to let others know their social security numbers and other identification
information.
5. Remote Administrators – The remote administrators can use the same VPN to access or
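For the first concern above (Private Key, Certificate Signing Request and CRT file), the following added example, which is not part of the original document, creates the key and CSR with the OpenSSL command line and checks that a KEY and CRT belong together before they are handed to the web host. The host name `www.example.test`, the file names and the self-signing step that stands in for the Certificate Authority are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Added example. Host name and file names are constructed placeholders.
set -eu
umask 077   # files created below are readable by their owner only

# Create the private key and the CSR that is submitted to the CA.
make_key_and_csr() {   # $1 = output directory, $2 = site host name
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$1/site.key" -out "$1/site.csr" -subj "/CN=$2" 2>/dev/null
}

# Demo stand-in for the CA: self-sign the CSR so a CRT exists to test with.
# A real CA confirms the requester's identity before issuing the CRT.
issue_demo_crt() {     # $1 = directory holding site.key and site.csr
  openssl x509 -req -in "$1/site.csr" -signkey "$1/site.key" \
    -days 30 -out "$1/site.crt" 2>/dev/null
}

# Print the PEM public key carried by a key, CSR or CRT file.
pubkey_of() {          # $1 = key|csr|crt, $2 = file
  case "$1" in
    key) openssl pkey -in "$2" -pubout ;;
    csr) openssl req  -in "$2" -noout -pubkey ;;
    crt) openssl x509 -in "$2" -noout -pubkey ;;
    *)   return 2 ;;
  esac
}

# True only when KEY and CRT hold the same public key. An unreadable or
# missing file makes openssl fail, so the check fails closed.
key_matches_crt() {    # $1 = key file, $2 = crt file
  _k=$(pubkey_of key "$1") && _c=$(pubkey_of crt "$2") \
    && [ -n "$_k" ] && [ "$_k" = "$_c" ]
}

demo() {
  d=$(mktemp -d)
  make_key_and_csr "$d" "www.example.test"
  issue_demo_crt "$d"
  openssl genrsa -out "$d/stale.key" 2048 2>/dev/null   # an unrelated key
  for k in site.key stale.key; do
    if key_matches_crt "$d/$k" "$d/site.crt"; then
      echo "$k: matches site.crt, hand over as a pair"
    else
      echo "$k: does NOT match site.crt, do not install"
    fi
  done
  rm -rf "$d"
}
demo
```
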
Important disclaimer: The policy available on this page is only an example and is furnished
merely as an illustration of its category. It is not meant to be taken and used without consultation
with a licensed employment law attorney. If you are in need of a policy for a particular situation,
you should keep in mind that any sample policy such as the one available below would need to
be reviewed, and possibly modified, by an employment law attorney in order to fit your situation
and to comply with the laws of your state. Downloading, printing, or reproducing any of these
policies in any manner constitutes your agreement that you understand this disclaimer and that
you will not use the policy for your company or individual situation without first having it
The use of XYZ Company (Company) automation systems, including computers, fax machines,
and all forms of Internet/Intranet access, is for company business and is to be used for authorized
purposes only. Brief and occasional personal use of the electronic mail system or the Internet is
acceptable as long as it is not excessive or inappropriate, occurs during personal time (lunch or
Use is defined as "excessive" if it interferes with normal job functions, responsiveness, or the
ability to perform daily job activities. Company automation systems are Company resources and
are provided as business communications tools. Electronic communication "should not be used
to solicit or sell products, distract coworkers, or disrupt the workplace." (See the XYZ Company
Use of Company computers, networks, and Internet access is a privilege granted by management
and may be revoked at any time for inappropriate conduct including, but not limited to:
networks or systems;
• Infringing in any way on the copyrights or trademark rights of others;
applications.
Using Company automation systems to create, view, transmit, or receive racist, sexist,
defined as any visual, textual, or auditory entity. Such material violates the Company anti-
harassment policies and is subject to disciplinary action. The Company's electronic mail system
must not be used to violate the laws and regulations of the United States or any other nation or
any state, city, province, or other local jurisdiction in any way. Use of company resources for
illegal activity can lead to disciplinary action, up to and including dismissal and criminal
prosecution.
Unless specifically granted in this policy, any non-business use of the Company's automation
If you violate these policies, you could be subject to disciplinary action up to and including
dismissal.
The Company owns the rights to all data and files in any computer, network, or other
information system used in the Company. The Company reserves the right to monitor computer
and e-mail usage, both as it occurs and in the form of account histories and their content. The
Company has the right to inspect any and all files stored in any areas of the network or on any
types of computer storage media in order to assure compliance with this policy and state and
federal laws. The Company will comply with reasonable requests from law enforcement and
regulatory agencies for logs, diaries, archives, or files on individual computer and e-mail
activities. The Company also reserves the right to monitor electronic mail messages and their
content. Employees must be aware that the electronic mail messages sent and received using
Company equipment are not private and are subject to viewing, downloading, inspection, release,
and archiving by Company officials at all times. No employee may access another employee's
computer, computer files, or electronic mail messages without prior authorization from either the
The Company has licensed the use of certain commercial software application programs for
business purposes. Third parties retain the ownership and distribution rights to such software. No
employee may create, use, or distribute copies of such software that are not in compliance with
the license agreements for the software. Violation of this policy can lead to disciplinary action,
As noted above, electronic mail is subject at all times to monitoring, and the release of specific
information is subject to applicable state and federal laws and Company rules, policies, and
procedures on confidentiality. Existing rules, policies, and procedures governing the sharing of
confidential information also apply to the sharing of information via commercial software. Since
there is the possibility that any message could be shared with or without your permission or
knowledge, the best rule to follow in the use of electronic mail for non-work-related information
is to decide if you would post the information on the office bulletin board with your signature.
It is a violation of Company policy for any employee, including system administrators and
supervisors, to access electronic mail and computer systems files to satisfy curiosity about the
affairs of others. Employees found to have engaged in such activities will be subject to
disciplinary action.
Users are expected to communicate with courtesy and restraint with both internal and external
recipients. Electronic mail should reflect the professionalism of the Company and should not
include language that could be construed as profane, discriminatory, obscene, sexually harassing,
threatening, or retaliatory.
It is recommended that using all capital letters, shorthand, idioms, unfamiliar acronyms, and
slang be avoided when using electronic mail. These types of messages are difficult to read.
Electronic mail messages received should not be altered without the sender's permission; nor
should electronic mail be altered and forwarded to another user and/or unauthorized attachments
This policy applies to all uses of the Internet, but does not supersede any state or federal laws or
The use of Company automation systems is for business purposes only. Brief and occasional
personal use is acceptable as long as it is not excessive or inappropriate, occurs during personal
time (lunch or other breaks), and does not result in expense to the Company.
Use is defined as "excessive" if it interferes with normal job functions, responsiveness, or the
ability to perform daily job activities. Examples of inappropriate use are defined in
"Inappropriate Use of the Internet/Intranet". Managers determine the appropriateness of the use
The Internet is to be used to further the Company's mission, to provide effective service of the
highest quality to the Company's customers and staff, and to support other direct job-related
purposes. Supervisors should work with employees to determine the appropriateness of using the
Internet for professional activities and career development. The various modes of
Internet/Intranet access are Company resources and are provided as business tools to employees
who may use them for research, professional development, and work-related communications.
Limited personal use of Internet resources is a special exception to the general prohibition
Employees are individually liable for any and all damages incurred as a result of violating
All Company policies and procedures apply to employees' conduct on the Internet, especially,
but not exclusively, relating to: intellectual property, confidentiality, company information
Violation of these policies and/or state and federal laws can lead to disciplinary action, up to and
Use of Company computer, network, or Internet resources to access, view, transmit, archive, or
prohibited. "Material" is defined as any visual, textual, or auditory item, file, page, graphic, or
other entity. Such material violates the Company's anti-harassment policies and is subject to
No employee may use the Company's Internet/Intranet facilities to deliberately propagate any
virus, worm, Trojan horse, trap-door program code, or other code or file designed to disrupt,
disable, impair, or otherwise harm either the Company's networks or systems or those of any
The Company's Internet/Intranet facilities and computing resources must not be used to violate
the laws and regulations of the United States or any other nation or any state, city, province, or
other local jurisdiction in any way. Use of Company resources for illegal activity can lead to
Internet/Intranet Security
The Company owns the rights to all data and files in any information system used in the
Company. Internet use is not confidential and no rights to privacy exist. The Company reserves
the right to monitor Internet/Intranet usage, both as it occurs and in the form of account histories
and their content. The Company has the right to inspect any and all files stored in private areas of
the network or on any types of computer storage media in order to assure compliance with this
policy and state and federal laws. The Company will comply with reasonable requests from law
enforcement and regulatory agencies for logs, diaries, archives, or files on individual Internet
activities.
Existing rules, policies, and procedures governing the sharing of work-related or other
confidential information also apply to the sharing of information via the Internet/Intranet. Please
refer to the appropriate program handbook [Name of Handbook], the Confidentiality Guidelines,
and the Company rules regarding the release of confidential information. The Company has
taken the necessary actions to assure the safety and security of our network. Any employee who
1.0 Purpose
The purpose of this policy is to provide guidelines for Remote Access IPSec or L2TP Virtual
2.0 Scope
This policy applies to all <Company Name> employees, contractors, consultants, temporaries,
and other workers including all personnel affiliated with third parties utilizing VPNs to access
the <Company Name> network. This policy applies to implementations of VPN that are directed
Approved <Company Name> employees and authorized third parties (customers, vendors, etc.)
may utilize the benefits of VPNs, which are a "user managed" service. This means that the user is
responsible for selecting an Internet Service Provider (ISP), coordinating installation, installing
any required software, and paying associated fees. Further details may be found in the Remote
1. It is the responsibility of employees with VPN privileges to ensure that unauthorized users are
2. VPN use is to be controlled using either a one-time password authentication such as a token
3. When actively connected to the corporate network, VPNs will force all traffic to and from the
4. Dual (split) tunneling is NOT permitted; only one network connection is allowed.
5. VPN gateways will be set up and managed by <Company Name> network operational groups.
6. All computers connected to <Company Name> internal networks via VPN or any other
technology must use the most up-to-date anti-virus software that is the corporate standard
7. VPN users will be automatically disconnected from <Company Name>'s network after thirty
minutes of inactivity. The user must then log on again to reconnect to the network. Pings or other
artificial network processes are not to be used to keep the connection open.
8. The VPN concentrator is limited to an absolute connection time of 24 hours.
9. Users of computers that are not <Company Name>-owned equipment must configure the
11. By using VPN technology with personal equipment, users must understand that their
machines are a de facto extension of <Company Name>'s network, and as such are subject to the
same rules and regulations that apply to <Company Name>-owned equipment, i.e., their
4.0 Enforcement
Any employee found to have violated this policy may be subject to disciplinary action, up to and