ALTOONA AREA SCHOOL DISTRICT




No. 815.1
SECTION: OPERATIONS
ALTOONA AREA SCHOOL DISTRICT
TITLE: THIRD PARTY NETWORK ACCESS
ADOPTED: August 17, 2009
REVISED:

815.1. THIRD PARTY NETWORK ACCESS

1. Purpose

The purpose of this policy is to ensure a secure method of network connectivity between Altoona Area School District and all third parties, and to provide a formalized method for the request, approval and tracking of such connections.

2. Authority

External vendor data network connections to Altoona Area School District can create potential security exposures if not administered and managed correctly and consistently. These exposures may include nonapproved methods of connection to the district network, the inability to shut down access in the event of a security breach, and exposure to hacking attempts. All external vendor data network connections, therefore, must be approved by the district's Technology Department.

This policy applies to all new third party network connection requests and any existing third party network connections. When existing third party network connections do not meet all of the guidelines and requirements outlined in this policy, they will be re-engineered as needed.

3. Guidelines

Third-Party Connection Requests And Approvals

1. All requests for third party connections must be made using the appropriate method based on the support organization.
2. The required information is outlined in the Third Party Network Access Request Questionnaire Information Requirements Document. It is the Technology Department's responsibility to ensure that the third party has provided all of the necessary information and that such information is correct.
3. All third party connection requests must have a district administrative level signature for approval. In some cases approval may be given at a lower level with pre-authorization from the appropriate district administrator. Also, all third parties requesting a network connection must complete and sign the district's Third Party Network Access Agreement.

4. As a part of the request and approval process, the technical and administrative contact within the third party's organization, or someone at a higher level within the third party's organization, shall be required to read and sign the Third Party Network Access Agreement and any additional documents as required.

Connectivity Options

1. The following five (5) connectivity options are the standard methods of providing a third party network connection. Anything that deviates from these standard methods must have a waiver sign-off at the administration level:
   a. Leased line (e.g., T1) - Leased lines for third parties shall be terminated on the third party's and/or the district's network.
   b. ISDN/FR - Dial leased lines will terminate on a third party and/or the district's router. Authentication for these connections must be as stated in this policy.
   c. Encrypted Tunnel - Encrypted tunnels must be terminated on the third party's and/or the district's network whenever possible. In certain circumstances, it may be required to terminate an encrypted tunnel on the dirty subnet, in which case the district's normal perimeter security measures will control access to internal devices.
   d. Telnet access from Internet - Telnet access from the Internet will be provided by first telnetting to the third party's gateway machine, where the connection will be authenticated as stated below. Once the connection is authenticated, telnet sessions to internal hosts shall be limited to those services needed by using the authorization capabilities of the district's network security.
   e. Remote Dial-up via PPP/SLIP - Remote dial-up via PPP/SLIP shall be provided by a separate third party modem pool. The connection will be authenticated as stated below.

Third Party Access Points

When possible, third party access points (PAPs) may be established in locations such that the cost of the access is minimized. Each PAP should consist of at least one (1) router.

Services Provided

1. In general, services provided over third party connections should be limited only to those services needed, and only to those devices (hosts, routers, etc.) needed. Blanket access shall not be provided for anyone. The default policy position is to deny all access and then only allow those specific services that are needed and approved by the district pursuant to the established procedure.
2. In no case shall a third party network connection to the district be used as the Internet connection for the third party.

The standard set of allowable services is listed below:
   a. File Exchange via ftp - Where possible, file exchange via ftp should take place on the existing Altoona Area School District ftp servers.
   b. Electronic Mail Exchange - Business-related e-mail exchange between the district and third parties may be conducted over the network connection as needed. Mail from third party sites to non-district addresses will not be allowed over the network connection.
   c. Telnet Access - Telnet access shall be provided to specific district hosts, as needed. Employees from third parties shall only be given accounts on the specific district host servers that are needed. Where possible, router ACLs and static routes will be used to limit the paths of access to other internal district hosts and devices.
   d. Web Resource Access - Access to Altoona Area School District's public web resources shall be accomplished via the normal Internet access for the third party.
   e. Access To Source Code Repositories - This access will be decided on a case-by-case basis.
   f. SQL*Net Access - This will be decided on a case-by-case basis.

Authentication For Third Party Network Connections

Third party network connections made via remote dial-up using PPP/SLIP or standard telnet over the Internet will be authenticated using the district's firewalls and server security. Third parties must notify the district when access to the district's network is required. The district will then activate the appropriate network connection.
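As an added illustration, not part of the district's policy or its actual router configuration, the following Cisco IOS extended ACL puts the default-deny position and the allowed-service list above into practice on the router facing a hypothetical vendor; every address, interface name and description here is a constructed placeholder (TEST-NET ranges are used so nothing refers to a real network).

```cisco
! Constructed example: 203.0.113.0/24 stands for the vendor's network,
! 192.0.2.10 for a district ftp server, 192.0.2.20 for the district mail
! relay, and 192.0.2.30 for the single host the vendor may telnet into.
ip access-list extended THIRD-PARTY-IN
 remark (a) file exchange: ftp only to the existing district ftp server
 permit tcp 203.0.113.0 0.0.0.255 host 192.0.2.10 eq ftp
 permit tcp 203.0.113.0 0.0.0.255 host 192.0.2.10 eq ftp-data
 remark     (active-mode data channel; passive ftp would need stateful
 remark     inspection rather than a static port rule)
 remark (b) e-mail: SMTP only to the district relay. The relay itself must
 remark     refuse to relay vendor mail to non-district addresses; an ACL
 remark     cannot see the recipient.
 permit tcp 203.0.113.0 0.0.0.255 host 192.0.2.20 eq smtp
 remark (c) telnet: one named district host, no other internal device
 permit tcp 203.0.113.0 0.0.0.255 host 192.0.2.30 eq telnet
 remark (d) public web access and (2) general Internet use come over the
 remark     vendor's own Internet link, so no web or catch-all permit exists
 remark default position: deny everything else and log it for the audit
 deny   ip any any log
!
! Apply inbound on the interface toward the vendor's PAP router.
interface Serial0/0
 description Third-party connection (vendor name placeholder)
 ip access-group THIRD-PARTY-IN in
!
! Only the agreed hosts are advertised toward the vendor: a route for the
! small block holding 192.0.2.10-.30 points at the PAP, and no route for
! the wider internal range is ever handed out on this link.
ip route 203.0.113.0 255.255.255.0 Serial0/0
```

The `log` keyword on the final deny is what gives the audit step later in this policy something to review: every rejected attempt from the vendor network appears in the router's syslog with source, destination and port.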

Protection Of Company Information And Resources

The Altoona Area School District network support group is responsible for the installation and configuration of each specific third party connection and must ensure that all possible measures have been taken to protect the integrity and privacy of all the district's confidential information. At no time should the district rely on access/authorization control mechanisms at the third party's site to protect or prohibit access to the district's confidential information. The district shall not have any responsibility for ensuring the protection of third party information. The third party shall be entirely responsible for providing the appropriate security measures to ensure protection of its private internal network and information.

Audit And Review Of Third Party Network Connections

All aspects of third party network connections, up to but not including the company's firewall, may be monitored by the appropriate district network support group. Where possible, automated tools shall be used to accomplish the auditing tasks. Audits may be performed on all district-owned/maintained third party router/network device configurations, and the output shall be provided to the appropriate district network support group. Any unauthorized changes shall be investigated immediately. All third party network connections may be reviewed at any time, and information regarding specific third party network connections shall be updated as necessary. Obsolete third party network connections will be terminated.

Altoona Area School District's Technology Department

The district's Technology Department has the responsibility for maintaining related policies and standards. The Technology Department shall also provide advice and assistance regarding judgment calls, and will facilitate information gathering in order to make a correct decision. Global coordination of confidentiality and nondisclosure agreements with all third parties is also the responsibility of the district's Technology Department. The Technology Department is also responsible for all global firewall design, configuration and engineering required for support of all approved third party network connections.

References:
TEC-F003 Third Party Network Access Agreement
TEC-P002 Third Party Network Access Agreement Terms and Conditions
TEC-F004 Third Party Connection Request Questionnaire Information Requirements Document