Good Practice Set For ICT Security and Acceptable Use



Similar documents
Network Infrastructure Security Good Practice Guide. August 2009

Application Note. Network Optimization with Exinda Optimizer

BroadCloud PBX Customer Minimum Requirements

Acceptable Use Policy - Staff

This document sets out a voluntary industry code of practice on traffic management transparency for broadband services.

Edgewater Routers User Guide

Acceptable Use and Publishing Policy

EMERSON PARK ACADEMY

Information Security Policy

Proxy Services: Good Practice Guidelines

ETM System SIP Trunk Support Technical Discussion

WebMarshal User Guide

NORTHLAND COMMUNICATIONS BROADBAND INTERNET SERVICES NETWORK MANAGEMENT POLICY

FRANKFORT PLANT BOARD CABLE MODEM INTERNET BROADBAND INTERNET SERVICE DISCLOSURES

Managing for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud

NineStar Connect MASS MARKET INTERNET SERVICE POLICIES AND CUSTOMER INFORMATION. Policy Statement:

Best practice for SwiftBroadband

Our Customer Relationship Agreement IINET VDSL2 SERVICE DESCRIPTION

Controlling and Managing Security with Performance Tools

Edgewater Routers User Guide

How to Use SNMP in Network Problem Resolution

UMHLABUYALINGANA MUNICIPALITY IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY

NSW Government. Wireless services (WiFi) Standard

Netgear TA612VMNF & TA612VLD Netgear WGR613VAL. Quality of Service (QOS) function

Netsweeper Whitepaper

TELUS Business Connect Customer Onboarding Guide. How to successfully set up your service

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network

Dell Unified Communications Command Suite - Diagnostics 8.0. Data Recorder User Guide

NEWWAVE COMMUNICATIONS BROADBAND INTERNET SERVICE DISCLOSURES. Updated October 2012

Best Practices for Log File Management (Compliance, Security, Troubleshooting)

Network Security Policy: Best Practices White Paper

Trustwave SEG Cloud Customer Guide

JACKSON ENERGY AUTHORITY BROADBAND INTERNET SERVICE DISCLOSURES. Update November 20, 2011

The Snare Agents Commercial or Open Source? - White Paper -

Application to access Chesters Trade

Peer to Peer File Sharing and Copyright Infringement Policy

Steps to Migrating to a Private Cloud

Secure Web Service - Hybrid. Policy Server Setup. Release Manual Version 1.01

Dell InTrust Preparing for Auditing and Monitoring Microsoft IIS

SUNYIT. Reaction Paper 2. Measuring the performance of VoIP over Wireless LAN

Step-by-Step Configuration

EMPLOYEE COMPUTER NETWORK AND INTERNET ACCEPTABLE USAGE POLICY

White Paper UC for Business - Queuing Desktop SMTP

Service Schedule for Business Lite powered by Microsoft Office 365

Symantec Endpoint Protection 11.0 Architecture, Sizing, and Performance Recommendations

Dell Statistica. Statistica Document Management System (SDMS) Requirements

MISSISSIPPI DEPARTMENT OF HEALTH COMPUTER NETWORK AND INTERNET ACCESS POLICY

Acceptable Use of Information and Communication Systems Policy

Enterprise Broadband Customer Service Description

VIRGIN BROADBAND BROADBAND SERVICES DESCRIPTION 1 ABOUT THIS SERVICE DESCRIPTION HOW WILL WE NOTIFY YOU OF CHANGES TO THE AGREEMENT?.

Endpoints means the software instances or devices that are enabled by the Service to access UC Services;

Self Help Guides. Setup Exchange with Outlook

WAN Optimization for Microsoft SharePoint BPOS >

IMX Mobile Proxy Administration

Dell InTrust Preparing for Auditing Microsoft SQL Server

Service Schedule for BT Business Lite Web Hosting and Business Lite powered by Microsoft Office 365

Dell One Identity Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

EXINDA NETWORKS. Deployment Topologies

Computer Network & Internet Acceptable Usage Policy. Version 2.0

Dell Statistica Statistica Enterprise Installation Instructions

LAKE REGION ELECTRIC COOPERATIVE, INC. BROADBAND INTERNET SERVICE DISCLOSURES. Updated September, 2013

SHIDLER TELEPHONE INTERNET BROADBAND INTERNET SERVICE DISCLOSURES. Updated November 20, 2011

Network Management, Performance Characteristics, and Commercial Terms Policy. (1) mispot's Terms of Service (TOS), viewable at mispot.net.

Synthetic Application Monitoring

Three Key Design Considerations of IP Video Surveillance Systems

HTC Communications Acceptable Use Policy High Speed Internet Service Page 1 of 5. HTC Communications

SCOPE OF SERVICE Hosted Cloud Storage Service: Scope of Service

refers to an HKC-approved cable modem, power adaptor, splitter, Ethernet cable and coaxial

By Citrix Consulting. Citrix Systems, Inc.

Web Drive Limited STANDARD TERMS AND CONDITIONS FOR THE SUPPLY OF SERVICES

Evaluation Guide. iprism Web Security V7.000

The Business Case for Security Information Management

BLOOMFIELD COLLEGE ACCEPTABLE USE POLICY

CONNECTING YOUR NAKED DSL SERVICE

Data Protection. Administrator Guide

Network Management Practices Policy

VIA CONNECT PRO Deployment Guide

Spotlight Management Pack for SCOM

Active Directory Change Notifier Quick Start Guide

Transcription:

Sensible Use of Bandwidth Good Practice Guide August 2009

contents 1 Introduction to Good Practice Guides 3 2 Sensible Use of Bandwidth Overview 3 3 Applicability of Sensible Use of Bandwidth Good Practice Guidelines 3 4 Sensible Use of Bandwidth Good Practice Guidelines 4 4.1 Bandwidth Accountability & Monitoring 4 4.2 Bandwidth Usage Limitations 4 4.3 Disciplinary Processes 4 5 Bandwidth Management Controls 5 5.1 Internal Bandwidth Prioritisation Good Practice 5 5.2 Internal Bandwidth Prioritisation Better Practice 5 6 Appendix A: Definitions 6 7 Appendix B: Checklists 7 7.1 Good Practice Checklist 7 8 Document Control 8 VERSION: AUGUST 2009 2

1 INTRODUCTION TO GOOD PRACTICE GUIDES This document is a good practice guide concerning bandwidth usage in the various international agricultural research centers that are supported by the Consultative Group for International Agricultural Research (CGIAR). This guide forms part of the CGIAR-wide baseline ICT Security good practice set. The good practice set does not contain mandatory requirements that centers are required to implement. Instead, it outlines a number of good practices with respect to enterprise ICT security. The prudence of implementing specific good practices identified in this guide will depend on the risk profile associated with the ICT environment in each center. A set of checklists is provided at the end of this guide to assist with the process of determining those good practices which will be relevant depending on the risk profile of each center for each area of ICT security. The initial ICT Security and Acceptable Use good practice set has been prepared in consultation with the CGIAR center IT community under a process jointly managed by the CGIAR ICTKM Program and the CGIAR Internal Auditing Unit (IAU). This guide draws on the results of work undertaken in the CGIAR Enterprise Security and Business Continuity Project; additional inputs from the IT community, internal auditors, and from SIFT Pty Ltd, an information security and risk management services firm which assisted in the preparation of these guides. The ICTKM and IAU units will coordinate future updates in consultation with the CGIAR center IT community. 2 SENSIBLE USE OF BANDWIDTH OVERVIEW Ensuring that bandwidth is utilised and managed appropriately helps to maintain the operative efficiency of CGIAR centers communication and research. Inefficient Internet use can cost CGIAR centers significant amounts in network resources, financing and lost productivity. This document outlines the recommended restrictions and usage practices surrounding network bandwidth management in CGIAR centers. 3 APPLICABILITY OF SENSIBLE USE OF BANDWIDTH GOOD PRACTICE GUIDELINES The recommendations outlined in this document will be most applicable to low-bandwidth sites. For facilities with the following attributes: High bandwidth connections; and/or No usage quotas or limits from Internet Service Providers; and No excess-usage costs; and No issues with quality of service; then a decision from the IT department can be made regarding which sections of this document do not apply. VERSION: AUGUST 2009 3

4 SENSIBLE USE OF BANDWIDTH GOOD PRACTICE GUIDELINES 4.1 Bandwidth Accountability & Monitoring 4.1.1 Center policies should identify users as being responsible for all Internet traffic generated by their workstation on the CGIAR network. 4.1.2 It is recommended that center policies require bandwidth usage to be monitored and reviewed as determined on a per-user or per-system basis. Where specific limits have been set for a center, quotas should be provided to users to assist them in ensuring total bandwidth usage (including both traffic into or out of the CGIAR center s network) is managed appropriately. 4.1.3 If bandwidth quotas are used, users should be provided with a means to review their usage and performance against the quota. 4.2 Bandwidth Usage Limitations 4.2.1 Center policies should include bandwidth quota requirements determined by the center and communicated to center staff. To enforce bandwidth quotas, proxy based solutions readily available on the Internet are recommended (for example RhinoSoft AllegroSurf www.allegrosurf.com). 4.2.2 It is recommended that where users require considerable bandwidth for services such as streaming media, downloading large files, or performing system updates, the user should follow their center s policy on the appropriate timing for such activities (for example downloading large files overnight rather than during the business day, and pausing the download if it flows over to the next business day). Alternatively, users can approach their research leaders, operations leaders as well as the IT team to seek permission or assistance in downloading the files as soon as possible. Transfer limits which limit bandwidth throughput may be utilised for low priority business hour downloads to ensure that other business bandwidth usage can continue unaffected. 4.2.3 CGIAR centers should ensure policies require restriction of resource-heavy services in cases where they are not utilised for center-related purposes. 4.2.4 CGIAR center should maintain a policy which requires setup of appropriate file size limits for upload or download over center services or protocols. For example: Don t send an email with attachments over 5MB Don t download a file over 50MB through any protocol without asking and gaining approval from the center s IT department Note that these size limits are indicative only; individual centers should determine approach limits based on badwidth/quota limits and research requirements. E-mail size constraints can be set using parameters in Center mail systems. It is recommended that where a mail server denies emails due to size constraints, that it returns an email to the sender notifying them that the email was rejected for this reason. This applies to both outgoing email from internal senders or incoming email from external senders. 4.3 Disciplinary Processes 4.3.1 CGIAR center policies should outline a disciplinary process applicable to when users abuse bandwidth, providing for issuing a warning initially, followed by further action if the behavior persists. VERSION: AUGUST 2009 4

5 BANDWIDTH MANAGEMENT CONTROLS Internal Bandwidth prioritisation controls have been included in this document to assist centers in the management of bandwidth use to ensure the qualitiy and availability of bandwith resources to high prioritised systems. It is recommended that these controls are included in relevant CGIAR center policies. 5.1 Internal Bandwidth Prioritisation Good Practice 5.1.1 Bandwidth is to be prioritised for center related usage, such as performing research tasks and operations. If necessary, non-center related access to bandwidth may be curtailed in order to ensure center data can continue to be sent / received. 5.1.2 There are some cases where broadband enabled services such as VoIP may exist on shared bandwidth and data environments. Centers should maintain policies and procedures to ensure that users do not utilise large amounts of bandwidth if that could disrupt the availability of these services. 5.2 Internal Bandwidth Prioritisation Better Practice 5.2.1 CGIAR centers can utilise Quality of Service (QoS) mechanisms in place to manage the priorities of bandwidth utililisation for different services, users, applications etc. over internal network connections, to ensure steady throughput for these connections. It is recommended that these are utilised, and that any traffic related to core center operations should be prioritised. Any non center related bandwidth should be deprioritised. Implementing QoS 1 will depend on the services that it is being introduced for. For example a VoIP system will usually have QoS configuration capability available from the management console. Administrators should determine which applications require QoS controls, and prioritise which are the most critical for the center. Following this, class lists should be setup listing these priorities, then applied to all infrastructure that will be supporting the QoS services (routers, switches, etc). 1 Further information regarding implementation of QoS is readily available on the Internet (eg. http://www.ciscopress.com/articles/article.asp?p=471096). VERSION: AUGUST 2009 5

6 APPENDIX A: DEFINITIONS Bandwidth: Refers to a the amount of data throughput going into or out of a network. In this case, the amount of data flow between the Internet and the CGIAR center s network. Peer to peer technology: Computer network connections where hosts such as workstations or personal computers can connect directly to one another, without the need for servers inbetween. Quality of Service (QoS): Quality of Service features provide the ability to prioritise bandwidth utilisation across a network, over data sources, data types, users and other network criteria. VERSION: AUGUST 2009 6

7 APPENDIX B: CHECKLISTS The following checklists are designed to assist CGIAR centers that wish to adopt any or all of the good and better practices listed in this document. The checklists should be used by a center when attempting to assess their level of current adherence with the guidelines listed in this document. This will allow any gaps with good and better practices to be identified, after which centers can assess whether addressing those gaps will be feasible. 7.1 Good Practice Checklist Guideline Number Guideline Tick if center currently adhere to this guideline Section 4.1 Bandwidth Accountability & Monitoring 4.1.1 Users held responsible and accountable for all Internet traffic generated by their workstation 4.1.2 Usage is monitored and reviewed on a per-user or persystem basis 4.1.3 If bandwidth quotas are used, users should be provided with a means to review their usage and performance against the quota Section 4.2 Bandwidth Usage Limitations 4.2.1 Bandwidth quotas for each user should be determined by CGIAR centers and communicated to CGIAR center staff 4.2.2 Users with heavy bandwidth resource requirements (streaming, large downloads etc) should time activities outside of center peak usage 4.2.3 Restrict a number of specific resource-heavy services in cases where they are not utilised for center-related purposes (p2p, music / video streaming) 4.2.4 Set appropriate file size limits for upload or download over center services or protocols Section 4.3 Disciplinary Processes 4.3.1 Utilise disciplinary process where users exceed bandwidth usage quotas Appendix A: Bandwidth Prioritisation Good Practice 5.1.1 Bandwidth is to be prioritised for center use. If necessary, end-user access to bandwidth may be curtailed in order to ensure center data can continue to be sent / received 5.1.2 Centers should ensure that users do not utilise large amounts of bandwidth if that could disrupt the availability VERSION: AUGUST 2009 7

Guideline Number Guideline Tick if center currently adhere to this guideline of these services Appendix A: Bandwidth Prioritisation Better Practice 5.2.1 Utilise Quality of Service mechanisms to control network bandwidth priorities 8 DOCUMENT CONTROL Version Control Log Version Description Date 1.00 Third revision from client feedback 19 Jun 2009 1.10 First published edition 24 Aug 2009 Copyright & Legal This guideline, prepared specifically for Consultative Group for International Agricultural Research, is the intellectual property of SIFT Pty Limited. When finalised, SIFT Pty Limited authorises CGIAR to reproduce or disseminate this guideline as necessary to further the aims and goals of CGIAR, under a Creative Commons Attribution-Noncommercial-Share Alike 2.5 Australia License In no event shall SIFT Pty Limited be liable to anyone for special, incidental, collateral, or consequential damages arising out of the use of this information. SIFT is a Registered Trademark of SIFT Pty Ltd. Many designations used by manufacturers and sellers to distinguish their products are claimed as trademarks or other proprietary rights. Where designations appear, and when the editorial staff were aware of a claim, the designations have been shown. Other trademarks, registered trademarks, and service marks are the property of their respective owners. Copyright 2009 SIFT Pty Limited. Originated in Australia. The first published version provided by SIFT Pty Limited, and future versions with modifications made by the CGIAR, as coordinated through the CGIAR ICTKM Program and the CGIAR Internal Auditing Unit, are being distributed by these Units in accordance with the terms of the above license, which can be found at http://creativecommons.org/licenses/by-nc-sa/2.5/au/ VERSION: AUGUST 2009 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information