Network Security Policy is crucial in today’s age and having them implemented in organization where you are working is essential. Depending upon the structure of your department. Network security policy should be written by Network Security professional, though it is specific to the organization you are working for but below template will give basic idea of how it has to be written.
Network / Internet Security Policy Template
All users who use the IT Service (the “employees,” “guests,” “you,” or “your”) of Mairi Manzil Group must provide a correct user ID and password to access the Network resources, file server and Internet.
The following are violations of this agreement:
- Unauthorized copying of data, files and software either belongs to Mairi Manzil Group or any other person’s personal.
- threatening of bodily harm or the threat of property damage to groups or individuals;
- making or taking part in fraudulent offers or products, items or services originating from your account;
- attempting to access accounts of anyone other than your own, attempting to penetrate (“hacking”) security measures of Company, whether or not the intrusion results in data corruption or loss;
- the unauthorized use of a person’s name or likeness;
- Access any other person’s computer or computer system, network, software, or data without his or her knowledge and consent; breach the security of another user or system; or attempt to circumvent the user authentication or security of any host, network, or account. This includes, but is not limited to, accessing data not intended for you, logging into or making use of a server or account you are not expressly authorized to access, or probing the security of other hosts, networks, or accounts without express permission to do so;
- use or distribute tools or devices designed or used for compromising security or whose use is otherwise unauthorized, such as password guessing programs, decoders, password gatherers, keystroke loggers, analyzers, cracking tools, packet sniffers, encryption circumvention devices, or Trojan Horse programs. Unauthorized port scanning is strictly prohibited;
- interfere with computer networking or telecommunications service to any user, host or network, including, without limitation, denial of service attacks, flooding of a network, overloading a service, improper seizing and abusing operator privileges, and attempts to “crash” a host;
- assist others in engaging in prohibited conduct;
- send or receive any material that could be considered harmful, obscene, pornographic, indecent, lewd, violent, abusive, profane, insulting, threatening, tortuous, harassing, hateful or otherwise objectionable without explicit written consent;
- send “spam,” chain letters, or other unsolicited communications to any party;
- Forward messages.
- posting or emailing of scams or “get rich quick” schemes, pyramid type or chain letters, subscribing others to a mailing list without their prior consent or knowledge or approval;
- disseminate viruses, Trojan horses, or other code or programming intended to damage, interfere with, intercept or expropriate any system, data or personal information;
- Harassing others by “mail-bombs”. Mail bombing is here defined as the sending of more than 10 like messages to the same address or by the sending of more than 10 MB of data to a newsgroup. The sending of unsolicited email messages where the recipient objects to the content of the material sent;
- send or receive any material that harasses, victimizes, degrades, or intimidates an individual or group of individuals on the basis of religion, race, ethnicity, sexual orientation, gender, age, or disability;
- send or receive material containing defamatory, false, or libelous material;
- send or receive any material that you do not have a right to make available under law or contractual or fiduciary relationships;
- Bandwidth Usage
- Streaming is prohibited unless it is official.
- Downloading personal data, video and audio files is not allowed.
- Downloading files more than 20MB (personal or private) is not allowed.
Change in policy
ICT Department does not routinely monitor the activity of individual accounts for violations of this Policy, except for determining aggregate data consumption in connection with the data consumption provisions of this Policy. Department has no obligation to monitor the Service and/or the network.
However, Mairi Manzil Group reserve the right at any time to monitor bandwidth, usage, transmissions, and content in order to ; identify violations of this Policy; and/or protect the network, the Service and Company users.
WiFi Security Measures
Though our network has SSID with WPA Encryption, but it doesn’t mean the network is well protected we need to ensure access to our network is provided only to Authorized users, therefore any new device to be registered with the Company which will have the following important updates on our System;
- Device Registration : Device’s MAC Address to be registered in DHCP Server so the allowed IP range is provided, this depends which VLAN the user will be accessing or the device will only access the Internet, then the mac address to be registered in firewall as well as in Wireless Lan Controller.
- De-Registration : Device to be automatically de-registered from (DHCP, Firewall and Wireless Lan Controller) if device is not seen on network for more than 30 days.
- Login Credentials : All the users of Mari Manzil Group will be provided login credentials to access network resources, SSO is also in place which means that most of the services and resources will be accessed through the same login detail.
BYOD and Company WiFi
Wi-Fi Service is available to only company provided Devices, however if it is required to use personal Equipment’s a BYOD policy is applicable and you need to get permission from your HOD to get the service.
No spamming is allowed. If it is a marketing related email, only marketing department will be allowed to use email tool which IT Department can provide, Management has allowed Head Of Departments to send email to mailing list if it is required to send everyone you may contact your respective Head of Department.
Anyone sending mass mailed messages to more than 30 recipients will be considered spammers. Spamming is defined as sending unwanted, unsolicited email to those who have not requested or invited the message. In no way does Company provide open relaying services to users not within our network.
Violations of Network Security Policy:
Users need to be aware that the WiFi doesn’t mean internet, when you connect with WiFi it means you are connecting with company servers and resources and Internet is used for accessing company emails and other cloud services. However, if you use internet you need to make sure that the purpose of Internet is to connect to remote company locations for example from remote locations to Data Center is to enable branches to connect with servers, so it is important to take care of Internet bandwidth as below; Below techniques will be used to allow access to network resources Media Access Controller Address, it is a unique identified of network interface card of each network device, in order to get access to network this address should be provided to Department to add to the list of allowed networks and if device is no more property of employee they must inform IT to enable them to remove from the list. Desktops and laptops are already supplied with USER ID and Password however the BYOD doesn’t have one so it is important to have user ID and password when accessing Internet and network resources using WiFi and this user ID and password must not be shared with anyone to access the network user ID and password needs to be entered and if device is idle then device will be automatically disconnected. The policy is specific to Mairi Manzil Group, however, this purely depends on latest threats of the time when you need to write the policy. But the policy Audit is also must, mainly CISSP or CISA professionals will help you to know if policy addresses all the important areas of Network and Internet Security. Most of the companies also write the Security Policy in general that covers Network, Data, Physical, Logical, Computer, Servers, Users and Internet etc. But it totally depends on size of company. You can consider this policy as the subset of overall network security policy. If you are looking for a professional to write network policy for your organization Contact Here
Visit NIST to know more about Cyber and Network Security