It Infrastructure Security Policy

UNIT 6 ASSIGMENT 1 IT understructure Security insurance function of the Network nucleotideThe Companies values candidness and promotes ad military commission price to a wide consort of information accordingly, the campus information outlines have been designed to be as undetermined as possible.The Companies network consists of entropy cables and jacks from the wiring closets to the holdrs work station, or wireless price of admission points to a occasionrs PC copper and optical entropy communications cables Ethernet switches, routers, servers, and peripherals administrations to enable and manage entryway and systems to monitor the capacity and put forward the righteousness of the network, with the goal to provide high availability and capacity to fight the pauperisms of the network substance ab occasionrs. The reliability, availability and adequate capacity of network resources is censorious to the day-to-day function of the Companies.Each member of the Companies community (students, faculty, staff, and guests) is pass judgment to protect the uprightness of the network and to know and tie to Companies rules, regulations and guidelines for their book use. Regulations that govern personal manners and use of Companies facilities also apply to the use of network resources. * Components of the Network al-Qaeda polity * Appropriate Use * Unacceptable Use * find Restrictions * essential for EvaluationRead thisChapter 2 Why Security is NeededComponents of the Network fundament insurance * * Connecting Devices to the Network * The campus network is a shared resource. It is therefore inf solelyible to strike a balance between enabling opportunities for teaching and research, and protect the integrity of network resources. To this end, Companies essentialiness be involved in the planning, acquisition, maintenance, and on-going connectivity of exclusively network devices. This ordain ensure the suspend network design, interoperability o f components and integrity of operation.If a device is connected to the network infrastructure without prior reference book, Companies cannot guarantee the on-going connectivity and ripe operation of the device. * * tuner Network Equipment The interest and use of wireless networking (802. 11a, 802. 11b & 802. 11g, Wi-Fi) is evolving rapidly. every last(predicate) network use policies apply to the use of wireless LAN technology. radio set bother to Companies resources which go out be infrangibled through a central enfranchisement system, except for specific departmental needs.The comp either(prenominal)(prenominal) depart work with private departments and colleges to help address their special needs for wireless technology. * * Domain anatomy Service meshwork servers for academic departments or administrative units serving campus relate information whitethorn need DNS entries set up for the server. implores for DNS entries go forth need to be submitted to the Networ king unit of Companies for approval. No new(prenominal) DNS server should be apparatus by otherwise campus units. DNS name will not be addicted to a server set up for personal use, much(prenominal) as a personal meshwork server.Any web site served on the web servers take fored by Companies such(prenominal) as www. uww. edu, facstaff. uww. edu, and students. uww. edu will carry the appropriate path names as URL no DNS name will be stipulation. Occasionally members of the Companies community whitethorn sponsor an organization that is in the main affiliated with the Companies. These organizations whitethorn be of professional, scholarly, partnership or entrepreneurial nature. nether certain circumstances it may be appropriate for these organizations to hold DNS names other than uww. edu , while hosting them in the Companies domain.Provided that the use of these domains sponsor the Companiess committal and are consistent with all applicable Companies policy, Companies may host them at heart the uww. edu domain. Approval and regular review of these domains will be parcel outed on a case-by-case basis by the Chancellor and the CIO. Additionally, there are skillful criteria that must be met, such as 1. Servers in the domain must reside in the McGraw selective information center. 2. This progress must be listed as the skilful contact with the registrar**, so that others are aware of any(prenominal) changes and can respond appropriately. 3.Only UW-W DNS servers should be specified to the registrar * * Dynamic host Control Protocol The DHCP assistance delivers IP information to campus workstations to provide meshwork connectivity. The central DHCP advantage and the management of IP assignments is administered by Companies. No other DHCP service should be set up on campus without prior cite with Companies, and solo to meet specific administrative or academic needs. * international entrance money to Network Resources While web feeler is suffici ent for the mass of Companies educational and business activities there are some instances when direct addition to network resources is needful.To enable remote access to network resources in a define manner that protects confidentiality and integrity of Companies and personal information Virtual cliquish Networking is a method by which a user can access UWWs internal network via the internet in a secure manner through a firewall or similar warranter department layer. remote access for some campus services, such as email and library infobases, may be addressed in separate campus policies. clear users must unless connect to the Companies network from computers that conform to the Network Infrastructure Use Policy guarantor requirements.This includes ensuring that computers are fully patched with the latest operating system updates and have current antivirus computer software product. Appropriate UseListed below are the policies that govern data network access and usage for students, staff and faculty at the Companies of Wisconsin Whitewater. 1. true users Authorized users are (1) current faculty, staff, and students of the Companies (2) somebody(a)s connecting to a public information service supported on the Campus network and (3) others who are specifically authorized to use a particular calculation or network resource by the campus unit responsible for the resource. . General Guidelines Those who use the campus network resources are pass judgment to do so responsibly, that is, to comply with arouse and federal laws, with this and other policies and procedures of the Companies, and with ruler standards of professional and personal courtesy and conduct. 3. Security Information credentials at Companiesis everyones responsibility. To maintain protective covering in using the campus network services, it is important to lodge to the following guidelines * Protect your login ID and password.Computer tarradiddles, passwords, ids and other type s of authorization are assigned to idiosyncratic users and should not be shared with others. * Be aware that the person to whom an count is assigned will be held accountable for any practise originating from that account. * Do not access data or systems for which you have not been habituated specific authority. * Take reasonable steps to ensure that your desktop or laptop computer system does not create a security risk when connected to the network, including keeping anti-virus software and operating patches up-to-date. Report security violations. 4. Confidentiality Information stored on computers is considered confidential, whether protected by the computer system or not, unless the owner intentionally makes that information available to other groups or individuals. The Companies of Wisconsin Whitewater takes the typeset that computer users desire that the information that they store on central and/or campus shared reckoning resources remain confidential.While all efforts wi ll be make to ensure confidentiality, users should be aware that data (including e-mail) might, due to software or hardware failure, become accessible to those Companies who are not authorized for that access. Companies force may also on occasion have access to such data while performing routine operations or act apparent systems or user problems. No guarantee of complete privateness is make or implied by this policy. Requests for the disclosure of confidential information will be governed by the provisions of the Family Educational Rights and Privacy Act of 1974 (FERPA) and the Wisconsin circulate Records Statutes . wholly such requests will be honored only when approved by Companies officials who are the legal custodians of the information requested, or when required by utter or federal law, or court order. Users found to be copying, modifying, or otherwise accessing information for which they have not been granted permission may be liable to disciplinary action. Unacceptable UseNetwork resources at this Companies may not be used for unlawful activities, commercial-grade purposes not associated with the Companies, or uses that sin other Companies policies or guidelines.The following activities are NOT acceptable use of the campus network resources * Damaging or performing unauthorized removal of networking equipment, software or data * Tampering with network hardware, wiring, or software * Disrupting or interfering with the everyday operation of network communications, generating excessive network application or performing unauthorized monitoring of network traffic * willfully introducing computer viruses or other disruptive programs into the Companies network, which are intended to distress or create excessive load on network resources * designedly violating or attempting to bypass network security strategies * employ unauthorized accounts, passwords, IP addresses or other network access information * Accessing or modifying any software, files, data or other Companies information for which an individual has not been accustomed authorization * victimisation network resources to harass or intimidate others * Using network resources to impersonate others or to forge anothers identity * Interfering with the computing activities of others. * Setting up network services or equipment without knowledge or involvement of Companies. * Violating state, federal or copyright laws * Using network resources for commercial activity or financial gain which does not conform to UW-W rules and regulations Access RestrictionsAccess to campus network resources may be wholly or partially certified by the Companies without prior notice and without the consent of the user when 1. required by and consistent with law 2. when there is reason to believe that violations of policy or law have taken place 3. hen the continued access/use of network resources by an individual significantly affects the integrity, performance, or security of the campus ne twork as a whole The individual will be notified of the reason and duration of the access restriction as soon as possible. Access will be restored when the situation has been resolved. These are general Companies policies departments or other units may place additional restrictions on the resources that they manage. Work cited http//www. uww. edu/icit/ face/policies/network/infrastructure. htmlg3ctoolkit. net/ /IT_Infrastructure_Security_ United Kingdom www. wokingham. gov. uk/EasysiteWeb/getresource. axd?It Infrastructure Security PolicyUNIT 6 ASSIGMENT 1 IT Infrastructure Security Policy tendency of the Network InfrastructureThe Companies values openness and promotes access to a wide start of information accordingly, the campus information systems have been designed to be as open as possible.The Companies network consists of data cables and jacks from the wiring closets to the users work station, or wireless access points to a users PC copper and optical data communications ca bles Ethernet switches, routers, servers, and peripherals systems to enable and manage access and systems to monitor the capacity and maintain the integrity of the network, with the goal to provide high availability and capacity to support the needs of the network users. The reliability, availability and adequate capacity of network resources is critical to the day-to-day function of the Companies.Each member of the Companies community (students, faculty, staff, and guests) is expected to protect the integrity of the network and to know and adhere to Companies rules, regulations and guidelines for their appropriate use. Regulations that govern personal conduct and use of Companies facilities also apply to the use of network resources. * Components of the Network Infrastructure Policy * Appropriate Use * Unacceptable Use * Access Restrictions * Request for EvaluationRead thisChapter 2 Why Security is NeededComponents of the Network Infrastructure Policy * * Connecting Devices to th e Network * The campus network is a shared resource. It is therefore necessary to strike a balance between enabling opportunities for teaching and research, and protect the integrity of network resources. To this end, Companies must be involved in the planning, acquisition, maintenance, and on-going connectivity of all network devices. This will ensure the appropriate network design, interoperability of components and integrity of operation.If a device is connected to the network infrastructure without prior consultation, Companies cannot guarantee the on-going connectivity and right operation of the device. * * Wireless Network Equipment The interest and use of wireless networking (802. 11a, 802. 11b & 802. 11g, Wi-Fi) is evolving rapidly. All network use policies apply to the use of wireless LAN technology. Wireless access to Companies resources which will be secured through a central certificate system, except for specific departmental needs.The company will work with individua l departments and colleges to help address their special needs for wireless technology. * * Domain summon Service Internet servers for academic departments or administrative units serving campus relate information may need DNS entries set up for the server. Requests for DNS entries will need to be submitted to the Networking unit of Companies for approval. No other DNS server should be frame-up by other campus units. DNS names will not be devoted to a server set up for personal use, such as a personal web server.Any web site served on the web servers maintained by Companies such as www. uww. edu, facstaff. uww. edu, and students. uww. edu will carry the appropriate path names as URL no DNS name will be precondition. Occasionally members of the Companies community may sponsor an organization that is more often than not affiliated with the Companies. These organizations may be of professional, scholarly, partnership or entrepreneurial nature. below certain circumstances it may b e appropriate for these organizations to hold DNS names other than uww. edu , while hosting them in the Companies domain.Provided that the use of these domains support the Companiess mission and are consistent with all applicable Companies policy, Companies may host them at bottom the uww. edu domain. Approval and regular review of these domains will be conducted on a case-by-case basis by the Chancellor and the CIO. Additionally, there are technical criteria that must be met, such as 1. Servers in the domain must reside in the McGraw data center. 2. This progress must be listed as the technical contact with the registrar**, so that others are aware of any changes and can respond appropriately. 3.Only UW-W DNS servers should be specified to the registrar * * Dynamic innkeeper Control Protocol The DHCP service delivers IP information to campus workstations to provide Internet connectivity. The central DHCP service and the management of IP assignments is administered by Companies. N o other DHCP service should be set up on campus without prior consultation with Companies, and only to meet specific administrative or academic needs. * distant Access to Network Resources While web access is sufficient for the majority of Companies educational and business activities there are some instances when direct access to network resources is necessary.To enable remote access to network resources in a secure manner that protects confidentiality and integrity of Companies and personal information Virtual hush-hush Networking is a method by which a user can access UWWs internal network via the internet in a secure manner through a firewall or similar security layer. impertinent access for some campus services, such as email and library databases, may be addressed in separate campus policies. Authorized users must only connect to the Companies network from computers that conform to the Network Infrastructure Use Policy security requirements.This includes ensuring that comput ers are fully patched with the latest operating system updates and have current antivirus software. Appropriate UseListed below are the policies that govern data network access and usage for students, staff and faculty at the Companies of Wisconsin Whitewater. 1. Authorized users Authorized users are (1) current faculty, staff, and students of the Companies (2) individuals connecting to a public information service supported on the Campus network and (3) others who are specifically authorized to use a particular computing or network resource by the campus unit responsible for the resource. . General Guidelines Those who use the campus network resources are expected to do so responsibly, that is, to comply with state and federal laws, with this and other policies and procedures of the Companies, and with normal standards of professional and personal courtesy and conduct. 3. Security Information security at Companiesis everyones responsibility. To maintain security in using the campus network services, it is important to adhere to the following guidelines * Protect your login ID and password.Computer accounts, passwords, ids and other types of authorization are assigned to individual users and should not be shared with others. * Be aware that the person to whom an account is assigned will be held accountable for any activity originating from that account. * Do not access data or systems for which you have not been given specific authority. * Take reasonable steps to ensure that your desktop or laptop computer system does not create a security risk when connected to the network, including keeping anti-virus software and operating patches up-to-date. Report security violations. 4. Confidentiality Information stored on computers is considered confidential, whether protected by the computer system or not, unless the owner intentionally makes that information available to other groups or individuals. The Companies of Wisconsin Whitewater takes the coiffure that comp uter users desire that the information that they store on central and/or campus shared computing resources remain confidential.While all efforts will be made to ensure confidentiality, users should be aware that data (including e-mail) might, due to software or hardware failure, become accessible to those Companies who are not authorized for that access. Companies staff office may also on occasion have access to such data while performing routine operations or pursue apparent systems or user problems. No guarantee of complete secrecy is made or implied by this policy. Requests for the disclosure of confidential information will be governed by the provisions of the Family Educational Rights and Privacy Act of 1974 (FERPA) and the Wisconsin easy Records Statutes .All such requests will be honored only when approved by Companies officials who are the legal custodians of the information requested, or when required by state or federal law, or court order. Users found to be copying, m odifying, or otherwise accessing information for which they have not been granted permission may be liable to disciplinary action. Unacceptable UseNetwork resources at this Companies may not be used for unlawful activities, commercial purposes not associated with the Companies, or uses that round other Companies policies or guidelines.The following activities are NOT acceptable use of the campus network resources * Damaging or performing unauthorized removal of networking equipment, software or data * Tampering with network hardware, wiring, or software * Disrupting or interfering with the normal operation of network communications, generating excessive network activity or performing unauthorized monitoring of network traffic * willfully introducing computer viruses or other disruptive programs into the Companies network, which are intended to scathe or create excessive load on network resources * by design violating or attempting to bypass network security strategies * Using un authorized accounts, passwords, IP addresses or other network access information * Accessing or modifying any software, files, data or other Companies information for which an individual has not been given authorization * Using network resources to harass or intimidate others * Using network resources to impersonate others or to forge anothers identity * Interfering with the computing activities of others. * Setting up network services or equipment without knowledge or involvement of Companies. * Violating state, federal or copyright laws * Using network resources for commercial activity or financial gain which does not conform to UW-W rules and regulations Access RestrictionsAccess to campus network resources may be wholly or partially dependent by the Companies without prior notice and without the consent of the user when 1. required by and consistent with law 2. when there is reason to believe that violations of policy or law have taken place 3. hen the continued access/use of n etwork resources by an individual significantly affects the integrity, performance, or security of the campus network as a whole The individual will be notified of the reason and duration of the access restriction as soon as possible. Access will be restored when the situation has been resolved. These are general Companies policies departments or other units may place additional restrictions on the resources that they manage. Work cited http//www. uww. edu/icit/ judicature/policies/network/infrastructure. htmlg3ctoolkit. net/ /IT_Infrastructure_Security_ United Kingdom www. wokingham. gov. uk/EasysiteWeb/getresource. axd?