Network configuration policy
Standard: ISO/IEC 27002
Authors: L. Jonikas, R. Garnys, A. Kazlauskas, R. Lazauskas
Organisation: The Best Education Inc.
Version: 1.0
Date: 22.01.2018
Contents
1. Purpose
2. Scope
3. Policy
4. Responsibilities
5. Policy Compliance
5.1 Actions to ensure policy compliance
5.2 Exceptions to policy
5.3 Results of not following this network policy
6. References
1. Purpose
Protect stored data and IT systems on The Best Education Inc. network by ensuring safe and fast operation of network devices with secure configurations.
2. Scope
This policy applies to all The Best Education Inc. information systems and all network devices: desktops, routers, servers, switches, etc.
3. Policy
All information systems that send, receive or store The Best Education Inc. data must be configured according to the standard set by this network configuration policy. Software-based entities, such as web servers or databases, should have their own standard configuration managed by the people responsible for software management.
All routers should follow these network configuration standards:
1. All passwords that are used to configure routers should be encrypted by the SSH protocol.
2. The following services should be disabled by access control lists:
X
X
X
3. The following services must be configured:
X
X
X
4. Most network devices should receive constant updates to ensure that there are no software-based security weaknesses.
5. On every router, the user should be greeted with the following statement:
“UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED. You must have explicit permission to access or configure this device. All activities performed on this device may be logged, and violations of this policy may result in disciplinary action, and may be reported to law enforcement. There is no right to privacy on this device. Use of this system shall constitute consent to monitoring.” (Consensus Policy Resource Community 2014)
6. All network devices should use static routing.
4. Responsibilities
The computer network administrator is responsible for ensuring that all network devices follow this policy. The security of all network devices must be tested every year to guarantee that the computer network is secure.
5. Policy Compliance
5.1 Actions to ensure policy compliance
The Best Education Inc. network administrators will make sure that the standards of this policy are being followed by monitoring network devices and employees.
5.2 Exceptions to policy
Some standards of this policy may be avoided, but only with the permission of The Best Education Inc. network administrator.
5.3 Results of not following this network policy
An employee who does not follow this network policy may receive disciplinary action against him, or even lose his job.
6. References:
1. Consensus Policy Resource Community, Router and Switch Security Policy, 2014. Available from: January 2018.