Virtual Private Network Policy

Essay by review • February 6, 2011 • Study Guide • 817 Words (4 Pages) • 1,070 Views

Essay Preview: Virtual Private Network Policy

prev next

Report this essay

Page 1 of 4

Virtual Private Network (VPN) Policy

Issue Date:3/24/03

Revision Date:

1. Policy Purpose

The purpose of this policy is to provide guidelines for Remote Access IPSec or PPTP/GRE (for AOL ISP users) Virtual Private Network (VPN) connections to the corporate network.

2. Policy Scope

This policy applies to all employees, contractors, consultants, temporaries, and other workers, including all personnel affiliated with third parties using VPNs to access the network. This policy applies to implementations of VPN directed through an IPSec Concentrator.

3. Policy Description

Approved employees and authorized third parties (customers, vendors, etc.) may use the benefits of VPNs, which are a "user managed" service. This means that the user is responsible for selecting an Internet Service Provider (ISP), coordinating installation, installing any required software, and paying associated fees.

User Responsibilities:

1) It is the responsibility of employees with VPN privileges to ensure that unauthorized users are not allowed access to internal networks.

a) Use of the remote client will be limited to employees only.

b) Company-owned machines are not to be shared with non-company family members.

c) Users will only use an company-approved operating system. *

d) Users will ensure that latest operating system software patches have been applied. *

e) Users will ensure that company-approved virus protection software is installed, enabled, and updated. *

f) Users will ensure that company-approved personal firewall software is installed, enabled, and updated. *

g) Users will ensure that company-approved malware/spyware software is installed, enabled, and updated. (Recommended www.pestpatrol.com)

h) Users will not install non-company-approved software on company-owned machines. Software provided by the user's ISP that is required for connectivity is permitted.

i) Users will not enable non-company-approved services on company-owned machines. *

j) Users will not attempt to disable security configuration settings on company-owned machines. *

k) Logging will be enabled on client machines *

l) Time will be synchronized on client machines *

m) Users will be notified when updates requiring their action must be installed.

* Please call the company Information Technology Help desk at xxx for further clarification

2) VPN use is to be controlled using either a one-time password authentication, such as a token device, a public/private key system with a strong pass phrase, or token device implement "must have/must know" security concept. ("Must have/must know" refers to requiring the user to have a physical possession of a hardware token - "must have", but that token not being usable without a password or PIN - "must know".). Floppy tokens must not be copied to hard drive.

3) When actively connected to the corporate network, VPNs will force all traffic to and from the PC over the VPN tunnel. All other traffic will be dropped.

4) Dual (split) tunneling is NOT permitted; only one network connection is allowed.

5) VPN gateways will be set up and managed by company network operational groups.

6) VPN users will be automatically disconnected from company's network after 30 minutes of inactivity. The user must then logon again to reconnect to the network. Pings or other artificial network processes are not to be used

...

Download as: txt (5.6 Kb) pdf (88 Kb) docx (11.4 Kb)

Continue for 3 more pages »

Read Full Essay Save

Only available on ReviewEssays.com

Similar Essays

Contracting Private Security

Contracting Private Security As a CSO of a large corporation, I would readily assume a bigger role and responsibility for asset management and protection, not

651 Words | 3 Pages
Home Bazaar - Brand Policy of a Service Industry

COMPANY OVERVIEW Home Bazaar started their journey at October 2007, at Dhanmondi area. At the very beginning the served only egg. Then they started serving

1,881 Words | 8 Pages
Virtual Reality

Virtual Reality By: Tyler E-mail: Stix36000@aol.com Virtual Reality - What it is and How it Works Imagine being able to point into the sky and

3,335 Words | 14 Pages
Saving Private Ryan

Saving Private Ryan is a movie that generates strong responses from most people that see it. While interviewing four individuals and reading three movie reviews,

992 Words | 4 Pages
Globalization, Alliances and Networking: A Strategy for Competitiveness and Productivity

Globalization, alliances and networking: A strategy for competitiveness and productivity Joseph Prokopenko 1. Productivity, competitiveness and development For many years productivity has been a key

9,573 Words | 39 Pages
Virtual Private Network - Advantages and Disadvantages

VPN Introduction: VPN stands for Virtual Private Network. VPN is a data network connection that makes use of the public telecommunication infrastructure but maintains privacy

1,140 Words | 5 Pages
Virtual Private Network Protocols

Virtual Private Networks have evolved from intranets, which are password protected sites designed for use only by company employees. But instead of created protected

854 Words | 4 Pages
Overview of Virtual Private Networks

Overview of Virtual Private Networks Outline Thesis Statement: For many companies, setting up an effective Virtual Private Network (VPN) can extend the company's LAN

2,504 Words | 11 Pages