Data Network Security Policy


Authors: Mike Smith (Network Manager, IM&T) and Rod Makosch (Data Security Officer, IM&T)
Version No: 1
Approval Date: March 2005
Approved by: John Aird, Director of IM&T
Review Date: 1 April 2006
Trust Ref: C7/2005
Page 1 of 10


Index

1. Introduction ... 4
1.1. UHL Network Policy Statement ... 4
2. Structure of the DN ... 4
2.1 Responsibilities ... 5
2.3 Network documentation ... 5
2.4. The NHS Code of Connection ... 5
3. Access to the IM&T Data Network ... 5
3.1 Methods of access to the DN ... 5
3.1.1 Access via network port ... 5
3.1.2 RAS Access ... 5
3.1.3 Access via modem ... 6
3.1.4. Access via GPRS & broadband ... 6
3.1.5 Wireless access ... 6
3.1.6 Access granted to other NHS bodies ... 6
3.1.7 External connections ... 6
3.2 Account access to the DN ... 7
3.2.1 Administrator Access ... 7
3.2.2 User Access ... 7
3.2.3 Third Party Access ... 8
4. Physical security of DN components ... 8
4.1. Cores & Switches ... 8
4.2. Hubs ... 8
4.3. Fibre & Copper Cabling and other transport media ... 8
4.4. DN Component Maintenance ... 9
5. Electronic security of DN components ... 9
5.1. Anti Virus ... 9
5.2 Firewalls ... 9
5.3 Security Logging ... 10
6 Resilience and capacity management ... 10

1. Introduction

The IT Data Network (DN) is a vital component of the smooth running of most IT systems within the UHL, allowing users to access both clinical systems (e.g. HISS and PACS) and non-clinical systems (e.g. email and finance). It is therefore essential that a robust framework is developed to ensure a secure network infrastructure throughout the UHL. This policy covers the following areas:

- Access to the DN
- Physical security of DN components
- Electronic security of DN components
- Resilience and capacity management

Reference is made, within this policy, to detailed procedural documentation for IM&T Technical Operations. Where such a reference is made, a link to the procedure will be incorporated.

1.1. UHL Network Policy Statement

All wide and local area networks will be managed to accepted security standards. These will, as a minimum, meet the requirements set out in the NHSnet Code of Connection and BS7799 [1]. UHL signs the NHS Code of Connection.

2. Structure of the DN

The DN consists of:

a. The WAN: fibre cabling connecting the three hospital sites, backed up by a microwave link.
b. Three LANs: a mixture of fibre and copper cabling within the hospital sites.
c. A number of network hardware devices (cores, switches and hubs) on each site.

[1] Information Security Policy A10/2003

2.1 Responsibilities

All components of the DN are under the control of the Directorate of IM&T, and specifically the Network Administration section of the Technical Operations Department.

2.3 Network documentation

The Network Administration section must maintain current network diagrams detailing the configuration of the DN itself and all the major network components on it. These diagrams are to be kept securely within IM&T, and copies must be lodged with the company supplying external support for the DN.

2.4. The NHS Code of Connection

All connections to the DN must comply with the current NHSnet Security Operating Procedures (currently available at http://nww.nhsia.nhs.uk/security/pages/syops).

3. Access to the IM&T Data Network

3.1 Methods of access to the DN

There are a number of methods used to access the DN. These are:

- Access via a network port
- RAS (Remote Access Server) access
- Access via a modem
- Access via GPRS & broadband
- Wireless (WiFi) access

3.1.1 Access via network port

Access via a network port within the UHL is the most common form of access to the DN. Only devices authorised and administered by IT (or, in certain circumstances, named officers of the UHL acting on behalf of IT) are allowed to be attached to the DN.

3.1.2 RAS Access

RAS access is a system allowing users to connect to the DN over the public telephone network. Users using this form of access from UHL laptops must have the laptop set up with two profiles, one disabling the network card and the other disabling the modem. Users accessing the DN by this method must agree to comply with the Policy on Mobile Computing (currently under development) and must have completed the appropriate documentation. A register of all users granted access via the RAS system is kept by IM&T.

3.1.3 Access via modem

Access via a modem is allowed only for certain third party support companies. A register of these companies, incorporating details of the systems supported and contacts, is maintained by IM&T. All modem access activity must be logged and monitored. Modems must be switched off and disconnected from the network when not in use. Efforts must be made to discourage this form of access.

3.1.4. Access via GPRS & broadband

Access via GPRS or broadband offers alternative methods of accessing the DN via the public telephone system (see 1.2 above). These are supplied by third party VPN secure gateways from BT and Cable and Wireless. Users accessing the DN by this method must agree to comply with the Policy on Mobile Computing (currently under development) and must have completed the appropriate documentation. A register of all users granted access via GPRS or broadband is kept by IM&T.

3.1.5 Wireless access

The UHL has a number of wireless access points. Configuration of these must comply with the relevant section of the NHSnet System Operating Procedures, see: http://nww.nhsia.nhs.uk/security/pages/syops/docs/wirelesslan.asp. A full risk assessment will be completed for all requested wireless access points, and details of these are kept with the network documentation (see 2.3 above).

3.1.6 Access granted to other NHS bodies

Access to the DN is granted to local NHS bodies as part of reciprocal arrangements covering rights to use various systems.

3.1.7 External connections

All external connections must be established by IM&T. Before allowing third party access, a risk assessment will be conducted to identify risks and appropriate countermeasures. Arrangements for third party access must be based on a formal contract containing, or referring to, all the necessary security conditions to ensure that the organisation can satisfy NHS information security requirements. Contracts may include agreement for the Trust to audit the security arrangements the third party has in place. Details of these connections are kept with the network documentation (see 2.3 above).

3.2 Account access to the DN

Access is split into three distinct areas:

- Administrator access: the access granted to the members of the Network Administration Section of the Technical Operations Department within IM&T and to any external supplier contracted to provide support for the network. Individual officers having this level of access are granted the rights to configure network devices and monitor network traffic. A register of users having this level of access is maintained by the Deputy Operations Programme Manager.
- User access: the access granted to the majority of staff within the UHL. Individuals who have this level of access are granted the rights to log on to the DN and use facilities on it appropriate to their requirements.
- Third Party access: the access granted to organisations outside the UHL who require access to the DN in order to support applications or other systems. A register of organisations having this level of access is maintained by the Deputy Operations Programme Manager.

3.2.1 Administrator Access

UHL officers granted this level of access are responsible for the maintenance of network availability as detailed in section 6 (see below). They are also responsible for the maintenance of the network diagrams.

3.2.2 User Access

UHL officers granted this level of access are responsible for ensuring that their account details are kept secure and must report to IM&T any incident, whether actual or suspected, where this security may have been compromised. User access to the IM&T Data Network will only be granted to individuals upon receipt of a properly completed application form. Access will only be granted on the understanding that the user granted access will comply with the relevant policies on use of the network, email and the internet.

3.2.3 Third Party Access

Companies offering third party support for systems within the UHL will only be granted sufficient access to the DN to allow them to fulfil their support function.

4. Physical security of DN components

No equipment is to be attached to the IM&T Data Network without the prior agreement of the Director of IT. (Note: this authorisation authority can be delegated to any officer within the IT Directorate.) Formal change control procedures will be instigated for all significant modifications to the DN (patching of individual ports is not regarded as significant). The change control register is maintained by the Network Administration Section. DN components must be sited so as to avoid interference from other potential sources of electromagnetic interference.

4.1. Cores & Switches

These devices form a major component of the DN and, as such, must be kept in an appropriately secure environment. Only members of the Network Administration Section, authenticated officers of the external network support company or authenticated officers of an approved cabling company are allowed access to this equipment. Any other individual requiring access to this equipment must be supervised by a member of the Network Administration Section.

4.2. Hubs

Risk assessments must be completed for all hubs, and the security afforded them must depend upon the effect on business continuity of their loss. Access to hub rooms and cabinets must be restricted, where possible, to IT staff and, where hubs are situated in shared accommodation, the hub cabinets (closets) must be kept locked.

4.3. Fibre & Copper Cabling and other transport media

All cabling, fibre or copper, used on the DN must be of an approved standard and laid, where possible, in appropriate containment.

4.4. DN Component Maintenance

Key components within the DN must be connected to essential power supplies, backed up by UPS. Remote environmental monitoring of key components within the DN must be carried out to ensure that they remain within the manufacturer's recommendations. Suitable spares must be held available on-site for failures of access layer components. Core components must be available from the third party support company within an agreed time.

5. Electronic security of DN components

Network access to DN components must be restricted to members of the Network Administration Section. Administrator login credentials for DN components must be changed from the manufacturer's defaults on installation and must subsequently be changed at a minimum of every 90 days. Passwords for accounts with administrator access to the DN will be a minimum of 8 characters and must contain both alphabetic and numeric characters.

5.1. Anti Virus

The DN must be protected by suitable anti virus software being loaded and run, as appropriate, on devices connected to it. The anti virus software must be kept up to date with patches supplied by the provider of the software, and an automatic update policy must be applied to all attached equipment.

5.2 Firewalls

The DN must be protected by suitable firewalls. These firewalls must all be configured to prevent all inappropriate access from outside the UHL to the DN. To ensure consistency, all firewalls must be configured in the same way. Firewall logs must be scrutinised regularly to check for problems, and evidence of this scrutiny must be recorded in a register maintained by the Network Administration Section.
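The controls in section 5 (manufacturer defaults changed on installation, administrator passwords rotated within 90 days and at least 8 characters with both letters and digits, all firewalls configured identically) are concrete enough to be checked mechanically against a device inventory. The script below is an added example and is not part of the UHL policy or the Trust's own tooling; the inventory records, the firewall rule texts and the field names (hostname, password, password_set, default_creds_changed) are constructed sample data and assumptions about how such an inventory might be recorded.

```python
"""Audit DN component records against the section 5 controls.

Added example, not part of the UHL policy document. All sample data
below is constructed; the inventory field names are assumptions.
"""
from datetime import date
from hashlib import sha256

MAX_PASSWORD_AGE_DAYS = 90   # policy 5: rotate at least every 90 days
MIN_PASSWORD_LENGTH = 8      # policy 5: minimum 8 characters, letters + digits

# Constructed audit date and inventory (hostnames and passwords are made up).
TODAY = date(2005, 6, 1)
SAMPLE_INVENTORY = [
    {"hostname": "core-sw-01", "password": "Glenfield7x",
     "password_set": date(2005, 4, 1), "default_creds_changed": True},
    {"hostname": "edge-sw-02", "password": "admin",
     "password_set": date(2005, 1, 1), "default_creds_changed": False},
    {"hostname": "hub-ward-9", "password": "wardhubsx",          # no digit
     "password_set": date(2005, 5, 20), "default_creds_changed": True},
    {"hostname": "wan-rtr-03", "password": "Leicester2005",      # exactly 90 days old
     "password_set": date(2005, 3, 3), "default_creds_changed": True},
    {"hostname": "wan-rtr-04", "password": "Leicester2005",      # 91 days old
     "password_set": date(2005, 3, 2), "default_creds_changed": True},
]

# Constructed firewall rule texts in a generic, made-up rule syntax; only the
# content after whitespace/comment normalisation is compared.
SAMPLE_FIREWALL_CONFIGS = {
    "fw-site-a": "deny in from any to 10.0.0.0/8\n# site A note\n"
                 "allow out from 10.0.0.0/8 to any\n",
    "fw-site-b": "deny in from any to 10.0.0.0/8\n"
                 "allow out from 10.0.0.0/8 to any\n",
    "fw-site-c": "allow in from any to 10.0.0.0/8\n"
                 "allow out from 10.0.0.0/8 to any\n",
}


def password_meets_policy(password: str) -> bool:
    """At least 8 characters, containing at least one letter and one digit."""
    return (
        len(password) >= MIN_PASSWORD_LENGTH
        and any(c.isalpha() for c in password)
        and any(c.isdigit() for c in password)
    )


def password_age_ok(password_set: date, today: date) -> bool:
    """True when the credential is at most 90 days old (90 itself is allowed)."""
    return (today - password_set).days <= MAX_PASSWORD_AGE_DAYS


def check_device(device: dict, today: date) -> list[str]:
    """Return the section 5 findings for one DN component (empty if compliant)."""
    findings = []
    if not device.get("default_creds_changed", False):
        findings.append("manufacturer default credentials still in use")
    if not password_meets_policy(device.get("password", "")):
        findings.append("administrator password under 8 characters or lacks letters/digits")
    if not password_age_ok(device["password_set"], today):
        findings.append("administrator password older than 90 days")
    return findings


def audit_inventory(inventory: list[dict], today: date) -> dict[str, list[str]]:
    """Map each non-compliant hostname to its findings; compliant hosts are omitted."""
    report = {}
    for device in inventory:
        findings = check_device(device, today)
        if findings:
            report[device["hostname"]] = findings
    return report


def firewall_configs_consistent(configs: dict[str, str]) -> tuple[bool, dict[str, str]]:
    """Policy 5.2: every firewall configured the same way.

    Strips blank lines, surrounding whitespace and '#' comments so that only
    rule differences count, then compares a SHA-256 digest per firewall.
    """
    digests = {}
    for name, text in configs.items():
        rules = [ln.strip() for ln in text.splitlines()]
        rules = [ln for ln in rules if ln and not ln.startswith("#")]
        digests[name] = sha256("\n".join(rules).encode()).hexdigest()
    return len(set(digests.values())) == 1, digests


if __name__ == "__main__":
    for host, findings in audit_inventory(SAMPLE_INVENTORY, TODAY).items():
        for finding in findings:
            print(f"{host}: {finding}")
    consistent, digests = firewall_configs_consistent(SAMPLE_FIREWALL_CONFIGS)
    print("firewalls consistent:", consistent)
    for name, digest in digests.items():
        print(f"  {name}: {digest[:16]}")
```

Run on the constructed inventory, the audit flags edge-sw-02 on all three controls, hub-ward-9 for a password with no digit and wan-rtr-04 for a 91-day-old password, while wan-rtr-03 at exactly 90 days passes; the firewall comparison reports fw-site-c as the odd one out because its inbound rule differs, whereas fw-site-a and fw-site-b match once the comment line is ignored. In a real audit the inventory would come from the register the policy requires the Network Administration Section to keep, and the digests would be recorded as the evidence of scrutiny that section 5.2 asks for.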

5.3 Security Logging

All computers, servers, workstations and routers on the network will have logging of security-relevant events enabled in circumstances where those logs can be reviewed, so that an audit trail of incidents will be available.

6 Resilience and capacity management

Appropriate risk assessments must be completed annually on the major components of the DN. From these risk assessments, adequate resilience must be planned and built into the DN to avoid loss of service resulting from a malfunction in one component. The effect on the DN must be incorporated into the planning of any project involving the use of IT equipment and, where necessary, allowance must be made within the project plan for additional capacity on the DN. Regular monitoring of traffic on the DN must be completed by the Network Administration Section to identify problems and enable timely and appropriate upgrades to be made to the system.