Microcomputers are being increasingly used at XXXX as part of departmental and administrative networks and, as such, they have become important elements of highly interdependent and cooperative systems. Further, microcomputers are subject to a variety of security threats including those from system equipment failure, software viruses, and unauthorized access. The networking of microcomputers has made security threats to one networked microcomputer a significant risk to all others on the network. Microcomputer networks have become ubiquitous and essential support elements to XXXX's educational, research and service mission. It has become imperative to interconnect these networks and achieve economies of scale in their purchase and management.
It is important to have a well-conceived and effective network security policy that can safeguard the investment and information resources of XXXX. It is worthwhile to implement a NSP, if the resources and information on its networks are worth protecting. An effective network security policy can be defined as something that all network users and network administrators can agree upon and are willing to enforce.
The XXXX network(s) can be thought of as a system having multiple sites with each having its own networks. Therefore, the required site security policies should take into account the protection of the following resources: Individual workstations, file servers, Interconnection devices such as gateways, routers, bridges, repeaters, etc., terminal servers, networking and application software, network cables, and Information in files and databases. It is also crucial to have a site security policy that considers the security needs and requirements of all the interconnected networks.
Because technology changes rapidly, computer security procedures should be reassessed on a regular basis.
What follows are a set of suggested policy statements and operating guidelines which may make progress toward more security of the multiple LANs at the XXXXX.
Suggested Policy Statements
Data created and stored on microcomputer hard disks will be secured through routine back-ups. Back-up is the process of copying data to the network file server, diskette, magnetic tape or some other form of storage media. These copies may be used to restore electronic files to the microcomputer if the original files are destroyed or corrupted in any fashion. Back-ups will be performed, at a minimum, for twice a week we should have a back up of the system. The back-up and restore process will be tested should be tested on monthly. We can store the critical issues in the system file which are off-site will automated as a backup in the system but most of the people don't backup there system which is rarely approved by the user or the admin.
Networks and File Servers
File Server Backup
All critical files must be backed up on a regular (daily backups are the most desirable) basis and full backups should be stored in a secure offsite location. By using backup for the server we can protect the coding and to sustain the rendering files in the system and the coding part in the system can also be saved by this process we can also help the server failure or filling a report in the network system or different server issues in the system.
Departmental Network Routers
Standards for Network Naming and Numbering will be established centrally by the XXXX. Network numbering and naming must be managed by the departmental LAN administrators in conjunction with XXXXs Department of Information Technology. All Internet Protocol (IP) numbers must be registered in XXXX Domain Name Servers (DNS).
Encryption of Openly Transmitted Data
As XXXX is frequently transmitting sensitive data such as patient, student or personnel records, all openly transmitted data must be encrypted. Openly transmitted data consists of radio, laser, telephone, or Internet connections. The different kind of the connection which are used for the broadcasting channel can be saved by using encrypt the data for broadcasting signal.
Secure Network Connectivity Points
All interconnection devices (hubs, bridges, routers, patch panels, etc.) and servers must be located in secure or restricted access rooms. We should protect the data present in the hard drive or in super computer with strong firewall or antivirus in the system to get access into main computer or the main networking server they should have password and login details of the users the people who are working for the main computer should be protected their admin password they should check the computer by not enter any hard disk or USB in the admission room several sort of error may be caused by the external devices and different types of worm in those external devices.
Internet and Intranet Servers
1. The Super User (SU) or other passwords used for managing servers must be changed regularly.
2. The Server Administrator must implement all known vendor supplied software security fixes.
3. The Server Administrator must implement access security rights in order to manage proper access by groups or individual users.
4. The Server Administrator must restrict root access to system console.
Suggested Operating Guidelines
All microcomputers located on XXXX networks should limit system access through password security measures. Passwords should have a minimum length of the password should be strong and contain eight or more characters and it must be combination of alphanumeric characters. The different types of protecting method of the password are
Minimum of one or two capital letters.
Should contain different types of hashes keys.
Password should not have the different types of terms in the dictionary.
Password should not be same as the user name of the mail id of the user login.
The letters present in the password must contain in the first half of the alphabet uppercase and second half lower case.
Change the password for every week or month.
These measures will require that all systems users use unique and secret passwords before utilizing microcomputer systems. Further, the password process should require that users change their password on a regularly scheduled basis. The password change cycle should be appropriate to the level of security exposure. In addition to maintain an annual passwords change of the individual and the account ability to change the password weekly basis in the system. Invalid login attempts should be limited to at least three attempts. The exception to this rule would be guest access to systems, however, the level of access afforded the guest should be limited and under the close direction of the appropriate network administrator. The user present in the network must not be permitted into local area network if the password expires or modified we should stop the user authecation in the system so that the user should be permitted into LAN settings he should contact the administrator to get access into the local area network.
ï‚· Protection from Viruses
Efforts should be taken to lessen the risk to microcomputers arising from software viruses. Microcomputers are particularly susceptible to damage from software viruses, a species of computer programs maliciously designed to corrupt essential software and data located on computer hard disks. It is necessary that the antivirus program will also detect and cure any known Trojan horses or worms during its scanning process. All microcomputer hard disks should be periodically scanned for software viruses and any viruses encountered will be removed as they are located. This routine scanning and correction process should occur frequently and virus protection software should be updated regularly. The users should always update the anti-virus and the firewall in the system if the antivirus is not updated the worm or virus may enter in the system and may attack the system files in the database and by updating the antivirus and the firewall we can protect our system by not entering the invaders into our system and by not inserting hard disk or any external devices into the system so that worm may not enter into the system files.
ï‚· Physical & Software Security of Client Workstations
Microcomputers should be protected by surge protectors and secured, both physically and through software, to avoid their use by unauthorized personnel and visitors to XXXX. When feasible, microcomputers will be placed in office areas that may be locked during off hours and have adequate numbers of XXXX staff to supervise their use during business hours. Unattended microcomputers should have keyboard locking mechanisms. All networked microcomputers should utilize software to either terminate systems usage or require re-entry of user passwords after the device has sat unused for ten or more minutes. To avoid unattended workstations, in most cases users should only be allowed to log on to one workstation on a LAN at any given time. Although 24 hour access will be allowed to the network, some applications may be more secure if access is limited to normal working hours. The Computers which are present for the development Centers used for the clients must be allocated with a secure id or password to enter into the LAN and we should also check the firewall as well as the security for the system the user must contain id to enter into the system domain so they may not cause any internal bleach in the company or the data may be corrupted or infected by the user.
All users in XXXX should be knowledgeable in the basic operations of the computer and associated programs. The user must be trained or educated to use the computer if he not trained there will different consequences to the company he may create an internal threat to the company by downloading stuff form the internet by this way worm may enter into the system by USB or external devices they are not cautious about the company and there assets. They must have the knowledge to defend his system from the outside world he should be caution about the password usage and protection of his system and LAN.
File Server and Network
ï‚· Virus Protection
All networks should employ methods for routinely scanning electronic files coming into the network via diskette, Internet file transfer, remote access links, or other means as they arise. Computer administrator and other people present in the LAN must install antivirus up to date and must update the firewall in the system and they should have the backup of system files the team must install the antivirus on every workstation and servers and maintain the anti-virus software up to date and should not enter USB or external devices in the system and password must be changed by using Network Secure ID in the LAN.
ï‚· Uninterrupted Power Supply (UPS) Protection
All file servers should be protected by an UPS. The abrupt termination of a file server could easily result in file corruption.
ï‚· Disconnect Unused Data Jacks
In order to ensure that unused data jacks do not pose a threat for unauthorized access, all unused data jacks should be disabled or disconnected.
ï‚· Server Password Protection
Supervisory access to network file servers should be restrictive and the password should be changed regularly.
ï‚· LAN Administrator Training
The person called in to perform LAN administration should have the necessary technical knowledge and experience in the field of operation. Training programs may be required and are encouraged to improve the computing skills and proper utilization of network services and resources.