Sample I.T Secuirty - Network Security

We are continuing our series on Sample I.T Security Policy, so far we have covered Physical, Human, User Secuity and Client. Today lets concentrate on Network security which is as follows

5‐NETWORK SECURITY
“IS” CONSIDERED THE FOLLOWING:
1. The network must be designed and configured to deliver high performance and reliability to meet the needs of business whilst providing a high degree of access control and range of privilege restrictions.
2. Inappropriate control over access to the network will threaten the confidentiality and integrity of Organisation data.
3. Apply Strong monitor and management utilities in Organisation network.
4. Never communicate between Organisation units over the Internet without using some form of encryption.Unencrypted packet headers contain valuable nuggets of information about the structure of the internal network.
5. Always use encrypted communications for data that flows over public networks like the Internet.
6. Locally control and administer all security services for the network.
7. Make telecommunications security an integral part of the network security if the network can be accessed via modems.
8. Use leased lines rather than encrypted tunnels whenever practical.
9. Monitor and Audit the logs for the internal routers and switches.
10. Install fiber cables instead of UTP cables.
11. All speed dialing facility create information security risks as confidential customer contact information can be accesses just by pressing telephone keys.

I.S issues concerned:
• Sensitive information may be stolen because caller masquerade as you over the
telephone
• Secure or unlisted phone numbers may be acquires from your stored information.
• Secure or unlisted phone numbers may be acquired from global information stored in PBX.

Yasir
Personel Website: www.yasirirfan.com