Certain traffic is expressly forbidden: 1 0 No peer-to-peer file sharing or externally reachable file transfer protocol (FTP) servers 2 0 No downloading executables from known software sites 3 0 No unauthorized redistribution of licensed or copyrighted material 4 No exporting internal software or technical material in violation of export control laws 5 No introduction of malicious programs into networks or onto systems 6 0 No accessing unauthorized internal resources or information from external sources 7 No port scanning or data interception on the network 8 0 No denying service or circumventing authentication to legitimate users 9 0 No using programs, scripts, or commands to interfere with other network users 10 0 No sending unsolicited e-mail messages or Junk mail to company recipients 11 0 No accessing adult content from company resources 12 0 No remote connections from systems failing to meet minimum security requirements
Define a LANA-to-WAN, Internet, and Web surfing AAA-JP that restricts usage of the company’s Internet connection and permits the company to monitor usage of the corporate Internet connection. Carefully evaluate the implications of each policy and how implementations might impact the IT infrastructure, both positively and negatively. Weigh the benefits and the disadvantages of each method. Consider whether or not a proposed solution causes an interruption to the legitimate users and how it might bring security at the expense of preventing a perfectly legitimate activity. Acceptable Use Policy To fully explain the acceptable use policy would mean to begin from the beginning, the user domain. The user domain is the employee or people within an organization who is granted access to the information system for the organization.
There are roles and tasks, responsibility, and accountability that go into an acceptable use policy for the user domain. Within the user domain is the access of LANA to Wan, web surfing, and internet. LANA to Wan is the activities between LANA to Wan and firewalls, routers, intrusion, detection, and workstations. Web surfing determines what a user can do on company time with company resources. Internet is when the user has access to the internet what types of controls should the organization have on the certain internet sites being accessed. Although they all sort of are the same they are very much different (Corded, 2013). For the Lana to Wan AAA-JP will go hand in hand with the roles and tasks parts of the user domain.
Users would be given access to certain systems, applications, and data depending on their access rights. The AAA-JP is like a rulebook that employees need to follow when using an organization’s IT assets and if they are violated it could be grounds for termination. The AAA-JP will set grounds on employees o understand that they are responsible for any and all actions on an organization’s IT assets. In particular to organizations that have databases with sensitive information may also require a criminal background check before granting access. This all prevents risks, threats, and vulnerability that could compromise an organization’s system, applications, and/or data.
Lana and Wan AAA-JP helps in preventing users from destroying the firewalls and protection programs from leaking sensitive information and/or hackers from entering and obtaining important sensitive information to different area networks and the internet. For a solid AAA-JP would be to have security monitoring controls to avoid intrusions. It would be best to apply antivirus programs especially on emails and email quadratics to identify unknown file types and catch any unsafe programs trying to come into the organization. The ability to block outbound traffic that may be accessed during normal work procedures. Also to have some type of file transfer or monitoring on unknown files types received by employees.
These programs will all assist in maintaining security and integrity for the organization’s sensitive information (Kim & Solomon, 2012). Web riffing on company time would be controlled by acknowledging and restricting which sites an employee will be able to access during company time. There will be type of filter that will determine if the website is allowed to be access and scanned to determine if there are any dangerous or unknown files that can hurt the organization’s system. With the internet part of the AAA-JP would be to have a setting where if the employee decides to access internet sites not work related then they could be timed on the amount of time they can continue to view the sites.
For instance, if an employee wanted to do some shopping on their break there would armorial be a restriction to the shopping internet sites. However, there could be a monitoring program installed where the user would enter their surname and password and it would give them an hour, forty-five minutes or thirty minutes of viewing time. Advantage of this protocol will prevent employees from being less productive while they should be doing work on their paid work time. Another advantage would be to prevent employees from accessing unauthorized websites and bringing in viruses into the organizations and making limitations on what type of emails are to be sent and accepted within the organization.