A.12 ABC Inc. InfoSec Wireless Communication Policy

Previous page
Table of content
Next page

A.12 ABC Inc. InfoSec Wireless Communication Policy

Policy No. 11

Effective date Month / Day / Year

Implement by Month / Day / Year

1.0 Purpose

This policy prohibits access to ABC Inc. networks via unsecured wireless communication mechanisms. Only wireless systems that meet the criteria of this policy or have been granted an exclusive waiver by InfoSec are approved for connectivity to ABC Inc.'s networks.

2.0 Scope

This policy covers all wireless data communication devices (e.g., personal computers, cellular phones, PDAs, Blackberries, etc.) connected to any of ABC Inc.'s internal networks. This includes any form of wireless communication device capable of transmitting packet data. Wireless devices and/or networks without any connectivity to ABC Inc.'s networks do not fall under the purview of this policy.

3.0 Policy

3.1 Register Access Points and Cards

All wireless Access Points / Base Stations connected to the corporate network must be registered and approved by InfoSec. These Access Points / Base Stations are subject to periodic penetration tests and audits . All wireless Network Interface Cards (i.e., PC cards) used in corporate laptop or desktop computers must be registered with InfoSec

3.2 Approved Technology

All wireless LAN access must use corporate-approved vendor products and security configurations.

3.3 VPN Encryption and Authentication

All computers with wireless LAN devices must utilize a corporate-approved Virtual Private Network (VPN) configured to drop all unauthenticated and unencrypted traffic. To comply with this policy, wireless implementations must maintain point to point hardware encryption of at least 56 bits. All implementations must support a hardware address that can be registered and tracked, i.e., a MAC address. All implementations must support and employ strong user authentication which checks against an external database such as TACACS+, RADIUS, or something similar.

3.4 Setting the SSID

The SSID shall be configured so that it does not contain any identifying information about the organization, such as the company name, division title, employee name , or product identifier.

4.0 Enforcement

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

5.0 Definitions

User Authentication: A method by which the user of a wireless system can be verified as a legitimate user independent of the computer or operating system being used.

6.0 Exceptions

Exceptions to information system security policies exist in rare instances where a risk assessment examining the implications of being out of compliance has been performed, where a Systems Security Policy Exception Form has been prepared by the data owner or management, and where this form has been approved by both the CSO or Director of InfoSec and the Chief Information Officer (CIO).

7.0 Revision History

Date ___/____/_____

Version:_______________________

Author:____________________________________

Summary:__________________________________



Previous page
Table of content
Next page
Wireless Operational Security
Wireless Operational Security
ISBN: 1555583172
EAN: 2147483647
Year: 2004
Pages: 153
Authors: John Rittinghouse PhD CISM, James F. Ransome PhD CISM CISSP
BUY ON AMAZON
WebLogic: The Definitive Guide
SQL Hacks
Microsoft Windows Server 2003(c) TCP/IP Protocols and Services (c) Technical Reference
Lotus Notes Developers Toolbox: Tips for Rapid and Successful Deployment
Visual Studio Tools for Office(c) Using C# with Excel, Word, Outlook, and InfoPath
Understanding Digital Signal Processing (2nd Edition)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy