A.7 ABC Inc. InfoSec Router Policy


A.7 ABC Inc. InfoSec Router Policy

Policy No. 6

Effective date Month / Day / Year

Implement by Month / Day / Year

1.0 Purpose

This document describes a required minimal security configuration for all routers and switches connecting to a production network or used in a production capacity at or on behalf of ABC Inc.

2.0 Scope

All routers and switches connected to ABC Inc. production networks are affected. Routers and switches within the internal networks are not affected. Routers and switches within DMZ areas fall under the DMZ Policy.

3.0 Policy

Every router must meet the following configuration standards:

  1. No local user accounts are configured on the router. Routers must use TACACS+ for all user authentication.

  2. The enable password on the router must be kept in a secure encrypted form. The router must have the enable password set to the current production router password from the router's support organization.

  3. Disallow the following:

    1. IP directed broadcasts

    2. Incoming packets at the router sourced with invalid addresses such as RFC1918 address

    3. TCP small services

    4. UDP small services

    5. All source routing

    6. All web services running on router

  4. Use corporate standardized SNMP community strings.

  5. Access rules are to be added as business needs arise.

  6. The router must document router configurations and point of contact(s).

  7. Each router must have the following statement posted in clear view:

    "UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED. You must have explicit permission to access or configure this device. All activities performed on this device may be logged, and violations of this policy may result in disciplinary action, and may be reported to law enforcement. There is no right to privacy on this device."

4.0 Enforcement

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

5.0 Definitions

Production Network: The "production network" is the network used in the daily business of ABC Inc. Any network connected to the corporate backbone, either directly or indirectly, which lacks an intervening firewall device. Any network whose impairment would result in direct loss of functionality to ABC Inc. employees or impact their ability to do work.

Lab Network: A "lab network" is defined as any network used for the purposes of testing, demonstrations , training, etc. Any network that is stand-alone or firewalled off from the production network(s) and whose impairment will not cause direct loss to ABC Inc. nor affect the production network.

6.0 Exceptions

Exceptions to information system security policies exist in rare instances where a risk assessment examining the implications of being out of compliance has been performed, where a Systems Security Policy Exception Form has been prepared by the data owner or management, and where this form has been approved by both the CSO or Director of InfoSec and the Chief Information Officer (CIO).

7.0 Revision History

Date ___/____/_____

Version:_______________________

Author:____________________________________

Summary:__________________________________




Wireless Operational Security
Wireless Operational Security
ISBN: 1555583172
EAN: 2147483647
Year: 2004
Pages: 153

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net