Data Network Security Policy

Transcription

1 Authors: Mike Smith Rod Makosch Network Manager Data Security Officer IM&T IM&T Version No : 1 Approval Date: March 2005 Approved by : John Aird Director of IM&T Review Date : 1 April 2006 Trust Ref: C7/2005 Page 1 of 10

2 Page 2 of 10

3 Index 1. Introduction UHL Network Policy Statement Structure of the DN Responsibilities Network documentation The NHS Code of Connection Access to the IM&T Data Network Methods of access to the DN Access via network port RAS Access Access via modem Access via GPRS & broadband Wireless access Access granted to other NHS bodies External connections Account access to the DN Administrator Access User Access Third Party Access Physical security of DN components Cores & Switches Hubs Fibre & Copper Cabling and other transport media DN Component Maintenance Electronic security of DN components Anti Virus Firewalls Security Logging Resilience and capacity management...10 Page 3 of 10

4 1. Introduction The IT Data Network (DN) is a vital component of the smooth running of most IT systems within the UHL, allowing users to access both clinical systems (e.g. HISS and PACS) and non clinical systems (e.g. and finance) It is therefore essential that a robust framework is developed to ensure a secure network infrastructure throughout the UHL. This policy covers the following areas:- Access to the DN Physical security of DN components Electronic security of DN components Resilience and capacity management Reference is made, within this policy, to detailed procedural documentation for IM&T Technical Operations. Where such a reference is made, a link to the procedure will be incorporated UHL Network Policy Statement All wide and local area networks will be managed to accepted security standards. These will, as a minimum, meet the requirements set out in the NHSNet Code of Connection and BS UHL signs the NHS Code of Connection 2. Structure of the DN The DN consists of a. The WAN, fibre cabling connecting the three hospital sites, backed up by a microwave link. b. Three LANs, a mixture of fibre and copper cabling within the hospital sites. c. A number of network hardware devices, cores, switches and hubs on each site. 1 Information Security Policy A10/2003 Page 4 of 10

5 2.1 Responsibilities All components of the DN are under the control of the Directorate of IM&T, and specifically the Network Administration section of the Technical Operations Department. 2.3 Network documentation The Network Administration section must maintain current network diagrams detailing the configuration of the DN itself and all the major network components on it. These diagrams are to be kept, securely, within IM&T and copies must be lodged with the company supplying external support for the DN The NHS Code of Connection All connections to the DN must comply with the current NHSNet Security Operating Procedures. (Currently available at:- 3. Access to the IM&T Data Network 3.1 Methods of access to the DN There are a number of methods used to access the DN, these are:- Access via a network port RAS (Remote Access Server) access Access via a modem Access via GPRS & Broadband Wireless (WiFi) access Access via network port Access via a network port within the UHL is the most common form of access to the DN. Only devices authorised and administered by IT (or in certain circumstances named officers of the UHL acting on behalf of IT) are allowed to be attached to the DN RAS Access RAS access is a system allowing for users to connect to the DN over the public telephone network. Users using this form of access from UHL laptops must have the laptop set up with two profiles, one disabling the network card and the other disabling the modem. Users accessing the DN by this method Page 5 of 10

6 must agree to comply with the Policy on Mobile Computing (currently under development) and must have completed the appropriate documentation. A register of all users granted access via the RAS system is kept by IM&T Access via modem Access via a modem is allowed only for certain third party support companies, a register of these companies, incorporating details of the systems supported and contacts is maintained by IM&T. All modem access activity must be logged and monitored. Modems must be switched off and disconnected from the network when not in use. Efforts must be made to discourage this form of access Access via GPRS & broadband Access via GPRS or broadband offer alternative methods of accessing the DN via the public telephone system (see 1.2 above). These are supplied by third party VPN secure gateways from BT and Cable and Wireless. Users accessing the DN by this method must agree to comply with the Policy on Mobile Computing (currently under development) and must have completed the appropriate documentation. A register of all users granted access via GPRS or broadband is kept by IM&T Wireless access The UHL has a number of wireless access points. Configuration of these must comply with the relevant section of the NHSnet System Operating Procedures see: A full risk assessment will be completed for all requested wireless access points and details of these are kept with the network documentation (See 2.3 above) Access granted to other NHS bodies Access, to the DN, is granted to local NHS bodies as a part of reciprocal arrangements covering rights to use various systems External connections All external connections must be established by IM&T. Before allowing third party access a risk assessment will be conducted to identify risks and appropriate counter measures. Arrangements for third party access must be based on a formal contract containing, or referring to, all the necessary security conditions to ensure that the organisation can satisfy NHS information security requirements. Contracts Page 6 of 10

7 may include agreement for the Trust to audit the security arrangements the third party has in place. Details of these connections are kept with the network documentation (See 2.3 above). 3.2 Account access to the DN Access is split into three distinct areas: Administrator access this is the access granted to the members of the Network Administration Section of the Technical Operations Department within IM&T and to any external supplier contracted to provide support for the network. Individual officers having this level of access are granted the rights to configure network devices and monitor network traffic. A register of users having this level of access is maintained by the Deputy Operations Programme Manager. User access this is the access granted to the majority of staff within the UHL. Individuals who have this level of access are granted the rights to log on to the DN and use facilities on it appropriate to their requirements. Third Party access this is the access granted to organisations outside the UHL who require access to the DN in order to support applications or other systems. A register of organisations having this level of access is maintained by the Deputy Operations Programme Manager Administrator Access UHL officers granted this level of access are responsible for the maintenance of network availability as detailed in section 6 (see below). They are also responsible for the maintenance of the network diagrams User Access UHL officers granted this level of access are responsible for their account details are kept secure and must report, to IM&T, any incidence, whether actual or suspected, where this security may have been compromised. User access to the IM&T Data Network will only be granted to individuals upon receipt of a properly completed application form. Access will only be granted on the understanding that the user granted access will comply with the relevant policies on use of the network, and the internet. Page 7 of 10

8 3.2.3 Third Party Access Companies offering third party support for systems within the UHL will only be granted sufficient access to the DN to allow them to fulfil their support function. 4. Physical security of DN components No equipment is to be attached to the IM&T Data Network without the prior agreement of the Director of IT. (Note this authorisation authority can be delegated to any officer within the IT Directorate). Formal change control procedures will be instigated for all significant modifications to the DN (patching of individual ports is not regarded as significant). The change control register is maintained by the Network Administration Section. DN components must be sited so as to avoid interference from other potential sources of electromagnetic interference Cores & Switches These devices form a major component of the DN and, as such, must be kept in an appropriately secure environment. Only members of the Network Administration Section; authenticated officers of the external network support company or authenticated officers of am approved cabling company are allowed access to this equipment. Any other individual requiring access to this equipment must be supervised by a member of the Network Administration Section Hubs Risk assessments must be completed for all hubs and security afforded them dependant upon the effect on business continuity of their loss. Access to hub rooms and cabinets must be restricted, where possible, to IT staff and, where hubs are situated in shared accommodation, the hub cabinets (closets) must be kept locked Fibre & Copper Cabling and other transport media All cabling, fibre or copper, used on the DN must be of an approved standard and laid, where possible, in appropriate containment. Page 8 of 10

9 4.4. DN Component Maintenance Key components within the DN must be connected to essential power supplies, backed up by UPS. Remote environmental monitoring of key components within the DN must be carried out to ensure that they remain within the manufacturers recommendations. Suitable spares must be held available on-site for failures of access layer components. Core components must be available from the third party support company within an agreed time. 5. Electronic security of DN components Network access to DN components must be restricted to members of the Network Administration Section. Administrator login credentials for DN components must be changed from the manufacturer s defaults on installation and must subsequently be changed at a minimum of every 90 days. Passwords for accounts with administrator access to the DN will be a minimum of 8 characters and require both alpha and numeric digits Anti Virus The DN must be protected by suitable anti virus software being loaded and run, as appropriate, on devices connected to it. The anti virus software must be kept up to date with patched supplied by the provider of the software and an automatic update policy applied to all attached equipment. 5.2 Firewalls The DN must be protected by suitable firewalls. There firewalls must all be configured to prevent all inappropriate access from outside the UHL to the DN. To ensure consistency, all firewalls must be configured in the same way. Firewall logs must be scrutinised regularly to check for problems, evidence of this scrutiny must be recorded in a register maintained by the Network Administration Section. Page 9 of 10

10 5.3 Security Logging All computers, servers, workstations and routers on the network will have logging of security relevant events enabled in circumstances where those logs can be reviewed, so that an audit trail of incidents will be available. 6 Resilience and capacity management Appropriate risk assessments must be completed annually on the major components of the DN. From these risk assessments, adequate resilience must be planned and built into the DN to avoid loss of service resulting from a malfunction in one component. The effect on the DN must be incorporated into the planning on any project involving the use of IT equipment and, where necessary, allowance must be made within the project plan for additional capacity on the DN. Regular monitoring of traffic on the DN must be completed, by the Network Administration Section, to identify problems and enable timely and appropriate upgrades to be made to the system. Page 10 of 10