Access Control Policy

Submitted By madhatter901
Words 451
Pages 2
Overview
Nelleo Networking and Technology's main focus is to prevent unauthorized access to all available resources, data, computers and information systems on the network. Every employee and supporting staff member who has a username and password to the organization's network must follow this policy.

Purpose
Malicious attacks from hackers are common on the network. Therefore it is up to every employee and supporting staff member to help protect the network and its resources, including data, from unauthorized access.

Scope
This policy was created to ensure that the company stays in adherence to governmental laws that require the organization to protect vital information that may be damaging to its employees and customers.

Access Control
• All employees and supporting staff will submit a request to the IT Department for access to the network. The requester will have his/her supervisor and manager sign off on the request, listing all of the resources the employee will need access to.
• Once the employee receives approval for a user account, the employee will then come to the IT department, where they will receive a CAC card for access to the network.
• Upon logging in for the first time, the employee will be required to change his/her password in accordance with the Password Policy.

UserID Obligations
• At no time will you give your CAC card to another employee. This will be considered a violation and disciplinary action will be taken.
• Your CAC card also acts as your personal identification badge and will be worn at all times. If you are caught not wearing your badge, you will be instructed to put it on. Failure to produce your own personal identification badge (CAC card) will result in disciplinary action.

Remote Access
• Any employee or supporting staff that requires remote access must submit a request to the IT department.
• Upon approval, the employee will receive a personal laptop that will be used at all times when remotely accessing the network.
• Remotely accessing the network from any other computer or laptop that has not been issued or approved by Nelleo Networking and Technology is strictly forbidden.
• Employees and supporting staff will sign a statement of agreement before remote access is granted and the laptop is issued.
• Remote Access users will not be allowed to access the network outside of normal working hours. Working hours:
  o Mon.-Fri. 07:00 am to 8:00 pm
  o Access will not be allowed on holidays and weekends.

Guidelines
After reading this policy, all employees will be required to sign a statement acknowledging that they fully understand the “Nelleo Networking and Technology Access Control Policy”. If you have any questions regarding this policy, please feel free to contact the IT department.
