1.0 Chapter 1: General Security Principles

Previous page
Table of content
Next page

1.1 SECURITY POLICIES

Security Policies are the blueprints used to build a security program. Your organization probably has a policy that states a system must be hardened before connecting it to the network. In this book, we will show you how to harden a Linux system, step by step, so that you can adhere to that policy. In very basic terms, Security Policies are the rules by which we secure environments. There are many types of security policies. These include:

  • Corporate Security Policy “ Defines overall security rules that apply to the entire corporation.

  • Remote Access Policy “ Defines rules for connecting to a company's network from a remote host.

  • Password Policy “ Defines rules for creating, changing and maintaining strong passwords.

  • Anti-Virus Policy “ Defines rules for the implementation and maintenance of an anti-virus program.

  • Acceptable Use Policy “ Defines rules for the acceptable use of corporate resources, such as Internet, e-mail, workstations, network, etc.

Samples of these policies can be found at http://www.sans.org/newlook/resources/policies/policies.htm

Your company may already have many of these policies implemented. If you are involved in writing security policies, there are some guidelines you should remember.

  • Security Policies should answer the Who, What, When, Where and Why of your objective.

    Some elements of a security policy that help achieve this include a purpose, background, scope, action and responsibility. Guidelines, Standards and Procedure documents answer the question of how the policy will be implemented.

  • Security Policies should be clear and concise .

    Security Policies are useless if they cannot be understood or contain the same number of pages as War and Peace .

  • Security Policies should be enforceable.

    If your Senior Management will not follow the policy, you cannot expect the rest of your employees to. A classic example of this is an e-mail policy that forbids sending personal e-mail from work. The first time your CEO sends an e-mail to his wife, your policy became unenforceable.



Previous page
Table of content
Next page
Securing Linux. A Survival Guide for Linux Security
Securing Linux: A Survival Guide for Linux Security (Version 2.0)
ISBN: 0974372773
EAN: 2147483647
Year: 2002
Pages: 39
Authors: David Koconis, Jim Murray, Jos Purvis, Darrin Wassom
BUY ON AMAZON
Systematic Software Testing (Artech House Computer Library)
SQL Hacks
Excel Scientific and Engineering Cookbook (Cookbooks (OReilly))
Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century: Prevention and Detection for the Twenty-First Century
InDesign Type: Professional Typography with Adobe InDesign CS2
VBScript in a Nutshell, 2nd Edition
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy