Monday, January 14, 2019
It Infrastructure Security Policy
UNIT 6 ASSIGMENT 1 IT pedestal Security Policy Purpose of the cyberspace InfrastructureThe Companies values b arness and promotes approach shot to a wide range of study accordingly, the campus reading organisations produce been knowing to be as open as possible.The Companies scratch consists of development cables and lift from the wiring clo commits to the enforcers work station, or wireless opening points to a exploiters PC copper and optical selective information communications cables Ethernet switches, routers, bonifaces, and peripherals systems to change and direct entrance money and systems to monitor the capacity and maintain the righteousness of the profits, with the goal to result game availableness and capacity to support the studys of the net profit drillrs. The reliability, availability and fitting capacity of web resources is critical to the day-to-day function of the Companies.Each genus Phallus of the Companies federation (students, fac ulty, staff, and guests) is expected to protect the integrity of the internet and to know and sting to Companies rules, regulations and guidelines for their confiscate use. Regulations that govern person-to-person conduct and use of Companies facilities similarly agree to the use of electronic net income resources. * Components of the meshwork Infrastructure Policy * allot riding habit * unsatisfactory Use * Access Restrictions * Request for EvaluationRead thisChapter 2 why Security is NeededComponents of the Network Infrastructure Policy * * Connecting Devices to the Network * The campus net profit is a sh ard resource. It is thitherfore necessary to strike a remnant among enabling opport social unities for teaching and research, and protecting the integrity of network resources. To this end, Companies must be involved in the planning, acquisition, maintenance, and on-going connectivity of each network devices. This leave behind go over the book network desig n, interoperability of components and integrity of carrying into action.If a device is connected to the network theme without prior consultation, Companies cannot guarantee the on-going connectivity and proper operation of the device. * * Wireless Network Equipment The undermentioned and use of wireless networking (802. 11a, 802. 11b & 802. 11g, Wi-Fi) is evolving rapidly. All network use policies defy to the use of wireless LAN technology. Wireless gravel to Companies resources which give be secured through and through a central authentication system, except for special(a) departmental needs.The company allow for work with individual departments and colleges to help regale their excess needs for wireless technology. * * Domain Name Service net income servers for academician departments or administrative units serving campus related information whitethorn need DNS entries band up for the server. Requests for DNS entries go forth need to be submitted to the Netw orking unit of Companies for approval. No oppositewise DNS server should be setup by an other(prenominal) campus units. DNS name calling will not be given to a server set up for in the flesh(predicate) use, much(prenominal) as a personal weathervane server.Any web site served on the web servers maintained by Companies such as www. uww. edu, facstaff. uww. edu, and students. uww. edu will carry the appropriate path label as URL no DNS name will be given. once in a trance members of the Companies confederation whitethorn sponsor an organization that is loosely affiliated with the Companies. These organizations whitethorn be of professional, scholarly, partnership or entrepreneurial nature. Under certain stack it may be appropriate for these organizations to hold DNS names other than uww. edu , musical composition hosting them in the Companies domain.Provided that the use of these domains support the Companiess mission and are reconciled with all applicable Companies p olicy, Companies may host them within the uww. edu domain. Approval and fixity round off of these domains will be conducted on a case-by-case background by the Chancellor and the CIO. Additionally, there are technical criteria that must be met, such as 1. Servers in the domain must reside in the McGraw selective information center. 2. This progress must be listed as the technical butt with the record-keeper**, so that others are alive(predicate) of any changes and can oppose appropriately. 3.Only UW-W DNS servers should be specified to the registrar * * Dynamic Host Control protocol The DHCP good delivers IP information to campus workstations to provide Internet connectivity. The central DHCP table service and the direction of IP assignments is administered by Companies. No other DHCP service should be set up on campus without prior consultation with Companies, and only to oppose particularised administrative or academic needs. *Remote Access to Network Resources plot of land web approach path is sufficient for the majority of Companies educational and stock activities there are near instances when direct access to network resources is necessary.To enable outback(a) access to network resources in a secure behavior that protects confidentiality and integrity of Companies and personal information Virtual Private Networking is a system by which a user can access UWWs inner network via the internet in a secure manner through a firewall or similar security measure layer. Remote access for some campus services, such as email and library databases, may be intercommunicate in separate campus policies. Authorized users must only connect to the Companies network from information processing systems that adapt to the Network Infrastructure Use Policy security requirements.This includes ensuring that computers are in full patched with the latest operating system updates and cast off menstruum antivirus software. Appropriate UseListed below are th e policies that govern data network access and enjoyment for students, staff and faculty at the Companies of Wisconsin Whitewater. 1. Authorized users Authorized users are (1) authentic faculty, staff, and students of the Companies (2) individuals connecting to a public information service supported on the Campus network and (3) others who are specifically authorized to use a particular reason or network resource by the campus unit accountable for the resource. . universal Guidelines Those who use the campus network resources are expected to do so responsibly, that is, to combine with state and federal official lawfulnesss, with this and other policies and procedures of the Companies, and with universal standards of professional and personal ingenuity and conduct. 3. Security Information security at Companiesis everyones responsibility. To maintain security in using the campus network services, it is important to adhere to the following guidelines * treasure your login I D and password.Computer accounts, passwords, ids and other types of authorization are assigned to individual users and should not be shared with others. * Be aware that the person to whom an account is assigned will be held accountable for any activity originating from that account. * Do not access data or systems for which you gull not been given specific authority. * adjudge sensible steps to ensure that your desktop or laptop computer system does not take a crap a security risk when connected to the network, including property anti-virus software and operating patches up-to-date. Report security violations. 4. Confidentiality Information stored on computers is considered confidential, whether protected by the computer system or not, unless the owner advisedly makes that information available to other groups or individuals. The Companies of Wisconsin Whitewater takes the position that computer users go for that the information that they store on central and/or campus share d computing resources stop confidential.While all efforts will be made to ensure confidentiality, users should be aware that data (including e-mail) might, due to software or hardware failure, perform come-at-able to those Companies who are not authorized for that access. Companies personnel may also on occasion have access to such data while performing routine operations or pursuing apparent systems or user problems. No guarantee of complete privacy is made or implied by this policy. Requests for the disclosure of confidential information will be governed by the provender of the Family Educational Rights and Privacy Act of 1974 (FERPA) and the Wisconsin Open Records Statutes .All such requests will be honored only when approved by Companies officials who are the healthy custodians of the information requested, or when required by state or federal law, or court order. Users found to be copying, modifying, or otherwise accessing information for which they have not been granted p ermission may be reasonable to disciplinary action. Unacceptable UseNetwork resources at this Companies may not be utilize for unconventional activities, commercial purposes not associated with the Companies, or uses that violate other Companies policies or guidelines.The following activities are NOT acceptable use of the campus network resources * alter or performing unauthorised removal of networking equipment, software or data * tamper with network hardware, wiring, or software * Disrupting or interfering with the normal operation of network communications, generating undue network activity or performing unauthorized monitoring of network traffic * Willfully introducing computer viruses or other disruptive programs into the Companies network, which are intended to damage or create excessive load on network resources * Intentionally violating or attempting to short-circuit network security strategies * development unauthorized accounts, passwords, IP addresses or other ne twork access information * Accessing or modifying any software, files, data or other Companies information for which an individual has not been given authorization * Using network resources to harass or intimidate others * Using network resources to puzzle others or to forge anothers identity * Interfering with the computing activities of others. * Setting up network services or equipment without knowledge or involvement of Companies. * Violating state, federal or copyright laws * Using network resources for commercial activity or pecuniary gain which does not conform to UW-W rules and regulations Access RestrictionsAccess to campus network resources may be wholly or partially restricted by the Companies without prior tag and without the consent of the user when 1. required by and consistent with law 2. when there is reason to believe that violations of policy or law have interpreted clothe 3. hen the continued access/use of network resources by an individual significantly affec ts the integrity, performance, or security of the campus network as a whole The individual will be notified of the reason and era of the access restriction as soon as possible. Access will be restored when the situation has been resolved. These are general Companies policies departments or other units may place additional restrictions on the resources that they manage. Work cited http//www. uww. edu/icit/governance/policies/network/infrastructure. htmlg3ctoolkit. net/ /IT_Infrastructure_Security_ joined Kingdom www. wokingham. gov. uk/EasysiteWeb/getresource. axd?It Infrastructure Security PolicyUNIT 6 ASSIGMENT 1 IT Infrastructure Security Policy Purpose of the Network InfrastructureThe Companies values openness and promotes access to a wide range of information accordingly, the campus information systems have been designed to be as open as possible.The Companies network consists of data cables and jacks from the wiring closets to the users work station, or wireless access point s to a users PC copper and optical data communications cables Ethernet switches, routers, servers, and peripherals systems to enable and manage access and systems to monitor the capacity and maintain the integrity of the network, with the goal to provide high availability and capacity to support the needs of the network users. The reliability, availability and adequate capacity of network resources is critical to the day-to-day function of the Companies.Each member of the Companies community (students, faculty, staff, and guests) is expected to protect the integrity of the network and to know and adhere to Companies rules, regulations and guidelines for their appropriate use. Regulations that govern personal conduct and use of Companies facilities also apply to the use of network resources. * Components of the Network Infrastructure Policy * Appropriate Use * Unacceptable Use * Access Restrictions * Request for EvaluationRead thisChapter 2 Why Security is NeededComponents of the Ne twork Infrastructure Policy * * Connecting Devices to the Network * The campus network is a shared resource. It is therefore necessary to strike a balance between enabling opportunities for teaching and research, and protecting the integrity of network resources. To this end, Companies must be involved in the planning, acquisition, maintenance, and on-going connectivity of all network devices. This will ensure the appropriate network design, interoperability of components and integrity of operation.If a device is connected to the network infrastructure without prior consultation, Companies cannot guarantee the on-going connectivity and proper operation of the device. * * Wireless Network Equipment The interest and use of wireless networking (802. 11a, 802. 11b & 802. 11g, Wi-Fi) is evolving rapidly. All network use policies apply to the use of wireless LAN technology. Wireless access to Companies resources which will be secured through a central authentication system, except for specific departmental needs.The company will work with individual departments and colleges to help address their special needs for wireless technology. * * Domain Name Service Internet servers for academic departments or administrative units serving campus related information may need DNS entries set up for the server. Requests for DNS entries will need to be submitted to the Networking unit of Companies for approval. No other DNS server should be setup by other campus units. DNS names will not be given to a server set up for personal use, such as a personal web server.Any web site served on the web servers maintained by Companies such as www. uww. edu, facstaff. uww. edu, and students. uww. edu will carry the appropriate path names as URL no DNS name will be given. Occasionally members of the Companies community may sponsor an organization that is loosely affiliated with the Companies. These organizations may be of professional, scholarly, partnership or entrepreneurial nature. Und er certain circumstances it may be appropriate for these organizations to hold DNS names other than uww. edu , while hosting them in the Companies domain.Provided that the use of these domains support the Companiess mission and are consistent with all applicable Companies policy, Companies may host them within the uww. edu domain. Approval and regular review of these domains will be conducted on a case-by-case basis by the Chancellor and the CIO. Additionally, there are technical criteria that must be met, such as 1. Servers in the domain must reside in the McGraw data center. 2. This progress must be listed as the technical contact with the registrar**, so that others are aware of any changes and can respond appropriately. 3.Only UW-W DNS servers should be specified to the registrar * * Dynamic Host Control Protocol The DHCP service delivers IP information to campus workstations to provide Internet connectivity. The central DHCP service and the management of IP assignments is admin istered by Companies. No other DHCP service should be set up on campus without prior consultation with Companies, and only to meet specific administrative or academic needs. *Remote Access to Network Resources While web access is sufficient for the majority of Companies educational and business activities there are some instances when direct access to network resources is necessary.To enable remote access to network resources in a secure manner that protects confidentiality and integrity of Companies and personal information Virtual Private Networking is a method by which a user can access UWWs internal network via the internet in a secure manner through a firewall or similar security layer. Remote access for some campus services, such as email and library databases, may be addressed in separate campus policies. Authorized users must only connect to the Companies network from computers that conform to the Network Infrastructure Use Policy security requirements.This includes ensuring that computers are fully patched with the latest operating system updates and have current antivirus software. Appropriate UseListed below are the policies that govern data network access and usage for students, staff and faculty at the Companies of Wisconsin Whitewater. 1. Authorized users Authorized users are (1) current faculty, staff, and students of the Companies (2) individuals connecting to a public information service supported on the Campus network and (3) others who are specifically authorized to use a particular computing or network resource by the campus unit responsible for the resource. . General Guidelines Those who use the campus network resources are expected to do so responsibly, that is, to comply with state and federal laws, with this and other policies and procedures of the Companies, and with normal standards of professional and personal courtesy and conduct. 3. Security Information security at Companiesis everyones responsibility. To maintain security in usin g the campus network services, it is important to adhere to the following guidelines * Protect your login ID and password.Computer accounts, passwords, ids and other types of authorization are assigned to individual users and should not be shared with others. * Be aware that the person to whom an account is assigned will be held accountable for any activity originating from that account. * Do not access data or systems for which you have not been given specific authority. * Take reasonable steps to ensure that your desktop or laptop computer system does not create a security risk when connected to the network, including keeping anti-virus software and operating patches up-to-date. Report security violations. 4. Confidentiality Information stored on computers is considered confidential, whether protected by the computer system or not, unless the owner intentionally makes that information available to other groups or individuals. The Companies of Wisconsin Whitewater takes the positio n that computer users desire that the information that they store on central and/or campus shared computing resources remain confidential.While all efforts will be made to ensure confidentiality, users should be aware that data (including e-mail) might, due to software or hardware failure, become accessible to those Companies who are not authorized for that access. Companies personnel may also on occasion have access to such data while performing routine operations or pursuing apparent systems or user problems. No guarantee of complete privacy is made or implied by this policy. Requests for the disclosure of confidential information will be governed by the provisions of the Family Educational Rights and Privacy Act of 1974 (FERPA) and the Wisconsin Open Records Statutes .All such requests will be honored only when approved by Companies officials who are the legal custodians of the information requested, or when required by state or federal law, or court order. Users found to be copy ing, modifying, or otherwise accessing information for which they have not been granted permission may be liable to disciplinary action. Unacceptable UseNetwork resources at this Companies may not be used for unlawful activities, commercial purposes not associated with the Companies, or uses that violate other Companies policies or guidelines.The following activities are NOT acceptable use of the campus network resources * Damaging or performing unauthorized removal of networking equipment, software or data * Tampering with network hardware, wiring, or software * Disrupting or interfering with the normal operation of network communications, generating excessive network activity or performing unauthorized monitoring of network traffic * Willfully introducing computer viruses or other disruptive programs into the Companies network, which are intended to damage or create excessive load on network resources * Intentionally violating or attempting to bypass network security strategies * Using unauthorized accounts, passwords, IP addresses or other network access information * Accessing or modifying any software, files, data or other Companies information for which an individual has not been given authorization * Using network resources to harass or intimidate others * Using network resources to impersonate others or to forge anothers identity * Interfering with the computing activities of others. * Setting up network services or equipment without knowledge or involvement of Companies. * Violating state, federal or copyright laws * Using network resources for commercial activity or financial gain which does not conform to UW-W rules and regulations Access RestrictionsAccess to campus network resources may be wholly or partially restricted by the Companies without prior notice and without the consent of the user when 1. required by and consistent with law 2. when there is reason to believe that violations of policy or law have taken place 3. hen the continued access/ use of network resources by an individual significantly affects the integrity, performance, or security of the campus network as a whole The individual will be notified of the reason and duration of the access restriction as soon as possible. Access will be restored when the situation has been resolved. These are general Companies policies departments or other units may place additional restrictions on the resources that they manage. Work cited http//www. uww. edu/icit/governance/policies/network/infrastructure. htmlg3ctoolkit. net/ /IT_Infrastructure_Security_ United Kingdom www. wokingham. gov. uk/EasysiteWeb/getresource. axd?
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment