Networkconfiguration policy Standart: ISO/IEC 27002 Authors: L. Jonikas, R. Garnys, A. Kazlauskas, R.
Lazauskas Organisation: The Best Education Inc. Version: 1.0 Date: 22.
01.2018 Contents 1. Purpose. 2 2. Scope. 3 3. Policy.
3 4. Responsibilities. 5 5. Policy Compliance. 5 5.1 Actions to ensure policy compliance. 5 5.
2 Exceptions to policy. 5 5.3 Results of not following this network policy. 5 1.Purpose Protect stored data andIT systems on the best education inc.
network by ensuring safe and fastoperationality of network devices with secure configurations. 2.Scope This policy applies toall the best education inc. information systems and all network devices:Desktops, routers, servers, switches, etc. 3.Policy All information systemsthat sends, receives or stores the best education inc.
data must be configured bystandard set by network configuration policy. Software based entities, like webservers or databases should have their own standard configuration managed bypeople responsible for software management. All computer networkdevices should follow these directions: 1. All passwords that areused to configure routers should be encrypted by SSH protocol. 2. Guidelines that, should be applied to routers:· Use access lists to filter internettraffic.· Block broadcast traffic.· Most important routers should be placed atsecure locations.
· Internet ports that are not used should bedisabled. 3. The following servicesmust be configured and running:· SSH· TELNET· VPN 4. Most network devicesshould receive constant updates to ensure that there is no software based securityweaknesses. 5.
When users login torouter they should be greeted with by following statement: “ONLYPEOPLE WITH SPECIAL PERMISSIONS MAY ACCESS OR CONFIGURE THIS NETWORK DEVICE. Activityon this network device will be recorded therefore, you may receive disciplinaryactions or face charges if you illegally use or configure this device.” 6. All network devices shoulduse static routing. 4.Responsibilities Computer networkadministrator is responsible for insuring that all network devices arefollowing this policy. It is required to test security of all network devicesevery year, to guarantee that computer network is secure. 5.
Policy Compliance 5.1 Actions to ensurepolicy compliance The best education inc.network administrators will make sure that standards of this policy are beingfollowed by monitoring network devices and employees. 5.
2 Exceptions to policy Some standards of thispolicy may be avoided but only with the best education inc. networkadministrator permission.5.3 Results of not following this networkpolicy The employee that is notfollowing this network policy may receive disciplinary action against him oreven lose his job.