Network Service, Systems and Data Communications Monitoring Policy




Purpose

This Policy defines the environment and circumstances under which Network Service, Systems and Data Communications Monitoring activities will be performed, i.e., it:

- Informs users of the extent to which network activities, interactions, services, systems and communications methods may be monitored
- Identifies what personnel may be authorised to perform monitoring functions
- Highlights the ethics, procedures and safeguards authorised personnel must employ prior to, during and after performing monitoring functions
- Identifies what information the monitoring processes may gather
- Identifies how long recorded information may be retained
- Outlines the purposes 'monitored information' may be used for, including any actions that may follow, e.g., anti-virus measures, anti-spam measures, system blocks, protocol blocks etc.

Monitoring is an essential tool for gathering information, which may be used for a variety of purposes, e.g.:

- Capacity planning for Network expansion and Service upgrades
- Fault investigations
- Incident handling
- Conformance testing against other PWC policies
- Law enforcement requests

Scope

The Committee of Poynton Workmens Club has granted the IT Administrator, and other persons in the Management involved in IT infrastructure support, the following authority: to authorise members of (their) staff to perform Network, Systems, Applications and Data Communications monitoring procedures that conform to this Policy and all relevant UK laws and regulations.
From a legal perspective, the Regulation of Investigatory Powers Act (RIPA) and the companion Telecommunications Regulations 2000, covering lawful business practice and interception of communications, require that all users of Poynton Workmens Club's Information Technology resources be made aware of the following:

Users are hereby informed that their use of Poynton Workmens Club's data communications infrastructure, services, systems and applications may be monitored by authorised personnel as permitted by UK legislation. UK legislation allows the monitoring of systems and network traffic without consent for legitimate purposes such as:

- Recording evidence of transactions
- Policing regulatory compliance
- Detecting crime or unauthorised use
- Safeguarding the integrity of Poynton Workmens Club's Information Technology Infrastructure

Policy

Authorised personnel may monitor and analyse network services, systems, data (including file systems), applications and data communications facilities pertaining to Poynton Workmens Club's research and administration functions. This policy will also apply to Sponsored or Proxy licensees directly connected to Poynton Workmens Club's networks. Sponsored or proxy licensees will be monitored for compliance with the terms of their licence and compliance with our acceptable use policy.

Authorised Personnel

In accordance with current UK legislation, IT Administrators and persons in the Management require delegated authority from the Committee before they may authorise personnel to engage in monitoring activities. It is important to note that the Director of the Computing Service (IT Administrator) has the 'delegated authority' to authorise appropriate personnel to monitor Poynton Workmens Club's network-wide data communications infrastructure and all centrally supported systems, services and applications. Other persons of the Management may obtain 'delegated authority' to authorise appropriate personnel to monitor only those service elements for which the Department or Service has complete responsibility.

It will be considered a disciplinary offence for anyone to engage in monitoring activities without proper authorisation, or to monitor areas outwith their areas of responsibility. Furthermore, it is likely that any individual who violates this policy will be breaking the law.

Ethics

Authorised personnel, including network and system administrators, must execute their duties in accordance with Poynton Workmens Club's 'System and Network Administrators Guidelines'; in particular, authorised personnel must:

- Respect the privacy of others
- Not use or disclose information realised in the monitoring process for purposes other than those for which the process was approved
- Safeguard information collected in the monitoring process
- Destroy information collected in the monitoring process when it is no longer required

Network Services and Applications

General

All networked systems providing network services or applications are monitored where relevant for:

- CPU utilisation
- Active processes
- File store utilisation, anomalies, file types and file sizes
- Network statistics, e.g., peak and average bandwidth utilisation and errors
- System and security log anomalies
- Successful access attempts (user account, date/time stamp, session duration)
- Unsuccessful access attempts
- Unusual network traffic

This information is used to help determine whether or not Poynton Workmens Club's systems are operating as intended. System logs and other metrics are retained for as short a period as possible.

Poynton Workmens Club reserves the right to examine any file residing on any server or workstation owned by Poynton Workmens Club, connected to Poynton Workmens Club's networks or located on Poynton Workmens Club's premises. This Policy includes Poynton Workmens Club-owned machines used at home and personal systems that are connected to Poynton Workmens Club's flexible access networks.

Physical Monitoring

Poynton Workmens Club has installed video surveillance equipment in open access cluster locations. Video recordings of these areas are kept for two weeks; however, if an incident is under investigation then recordings will be kept for as long as necessary to help resolve the incident.

E-Mail

All incoming e-mail processed via the central mail systems is subject to the following:

- Virus prevention measures, which include blocks resulting from:
  - Tests for executable file extensions including bat, exe, vbs etc.

  - Tests for the initial byte sequence conserved across Microsoft Windows executables
  - Signature-based anti-virus scanning

  Blocking occurs at the SMTP transaction level, giving a 'permanent failure' response to the SMTP DATA command. This approach results in:
  - Genuine senders getting a meaningful error report from their message transport agent (MTA)
  - Our servers not composing and delivering 'bogus virus alert' messages to innocent users who have had their e-mail sender details counterfeited

- Spam delivery prevention measures. Spam is defined as unsolicited bulk e-mail, which can range from the relatively innocuous but annoying receipt of unwanted communications to a denial of service attack through a concerted attempt to flood a network or overload and crash a server. Sites are blocked according to the RBL (Real-time Black hole List), which is a blacklist of networks known to be originators of Spam. The RBL is served via 1and1 Internet Services AG and Poynton Workmens Club. Additional measures to help prevent the delivery of spam e-mail have been implemented and these are documented on the PWC Intranet.

- Unauthorised mail relaying is not permitted. This prevents external attempts to use Poynton Workmens Club mail systems to relay Spam or other messages.

- Mail from specific sources may be blocked on receipt of valid complaints.

Mail logs are used to follow up problems reported to Postmaster. These logs are kept for 1 month then deleted. The length of time that the logs are kept reflects the fact that problems can take some time to come to light if the recipient is absent. Mail logs record the following information:

- Time stamp; sender e-mail address and mail system IP address; recipient e-mail address and mail system IP address; message id; message size
- Certain SMTP protocol information associated with the initial and final SMTP dialogues

Note that no content information, not even the mail subject field, is held.
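The following is an added illustration of the e-mail screening described above, not code from the Club's own mail systems: it applies the extension test, the Windows executable byte-sequence test, and returns the SMTP reply the policy calls for. The blocked extension list beyond bat, exe and vbs, the sample addresses and the sample messages are constructed assumptions.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions the policy names (bat, exe, vbs) plus a few others; an assumption.
BLOCKED_EXTENSIONS = {"bat", "exe", "vbs", "com", "scr", "pif", "cmd"}
# Windows executables (DOS stub and PE alike) begin with the two bytes "MZ".
WINDOWS_EXE_MAGIC = b"MZ"


def attachment_verdict(filename, payload):
    """Return the reason an attachment is blocked, or None if it passes."""
    name = (filename or "").lower()
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    if ext in BLOCKED_EXTENSIONS:
        return f"executable extension .{ext}"
    # The byte test catches a renamed executable that the extension test misses.
    if payload[:2] == WINDOWS_EXE_MAGIC:
        return "Windows executable signature (MZ)"
    return None


def smtp_data_response(raw_message):
    """Decide the reply to the SMTP DATA command for one message.

    Returns (code, text).  550 is a permanent failure: the sending MTA
    reports it to the real sender, and this server never composes a
    bounce to a possibly forged sender address.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        payload = part.get_payload(decode=True) or b""
        reason = attachment_verdict(part.get_filename(), payload)
        if reason:
            return 550, f"5.7.1 Message rejected: {reason}"
    return 250, "2.0.0 Message accepted for delivery"


def build_sample(filename, content):
    """Construct a small MIME message with one attachment (sample input)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"  # constructed addresses
    msg["To"] = "member@example.net"
    msg["Subject"] = "sample"
    msg.set_content("See attachment.")
    msg.add_attachment(content, maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    # A renamed executable: harmless-looking name, but the bytes start with MZ.
    print(smtp_data_response(build_sample("report.pdf", b"MZ\x90\x00" + b"\x00" * 60)))
    print(smtp_data_response(build_sample("notes.txt", b"plain text")))
```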
Web Access

All Web access, with very few specific exceptions, is forced through Poynton Workmens Club's Web cache service. At present certain content filtering settings are enforced. These filters have been applied to deny users access to sites deemed inappropriate by Poynton Workmens Club and the Management. It is also possible to apply filters or block access to sites on request, or for security or defensive reasons. For example, as part of the measures taken to protect against the NIMDA and CodeRed viruses, content filters were applied on the Caches.

Cache logs are used primarily to produce statistics on the service. They are also used to investigate any cases of suspected unauthorised use, or illegal activity, that are reported. To support trend analysis, daily logs are aggregated into monthly logs, which in turn are aggregated into annual logs.

The daily raw log file records the following information: IP address of requestor; time stamp; time to download page; status code; size; URL; hardware (MAC) address; username. The daily raw data is compressed into three separate daily files for ease in producing statistics. In addition, the raw data is aggregated into the current monthly log file in an anonymised fashion.

- Daily files: retained for 240 days; this figure maximises the number of days that log files are stored within the confines of available disc space.
- Monthly log files: anonymised and retained for 1 year.

- Yearly log: aggregated from monthly log files; anonymised; no yearly data has been disposed of to date.

System Inspection

As a condition of connection to Poynton Workmens Club's network, Staff and Committee users must agree that the Committee and/or its Authorised Persons may inspect their systems on request and at any reasonable times.

Infrastructure Records and Associations

The data communications infrastructure consists of many components, i.e.:

- Fibre optic cabling systems
- Building premises distribution schemes
- Backbone and edge routers
- Ethernet hubs and switches
- Remote access devices

Detailed records and inventories are maintained for all infrastructure components and these are used to support the following:

- Fault investigations
- Maintenance contracts
- Capacity planning
- Risk analysis

A key feature of all centrally supported active components (routers, hubs, switches etc.) is manageability via native TCP/IP stacks supporting IP applications including SNMP agents. This manageability is used extensively for the following purposes:

- To monitor active components for failure or error conditions
- To associate a particular active port with a specific system MAC address, IP address, DNS name and network connection point
- To track changes in any associations
- To assist in fault investigations and incident handling
- To check compliance with other Poynton Workmens Club Policies

Network Monitoring

Internet Traffic

Incoming traffic from our appointed ISP(s) is subject to the following restrictions, implemented at the boundary router connecting Poynton Workmens Club's network to the Wired and Wireless access system:

- Specific IP ports, which are associated with services that present serious vulnerabilities, are blocked. The actual 'port block' list is derived from local knowledge, experience and national CERT advice.
- Filters are in place to block sites from which Poynton Workmens Club has previously been attacked.
- On occasion, filters are used to block specific sites in response to a specific request.

The Poynton Workmens Club boundary router maintains extensive network flow information, which is transferred periodically to flow collectors. The collectors store flow information in log files, which are then processed and used for the following purposes:

- Fault investigations
- Incident handling
- Traffic profiling
- Alerts on unusual activity, e.g., DoS attacks, potentially malicious traffic

Flow logs do not record application data content; they merely record certain IP fields and volume data, i.e., source IP address, destination IP address, port numbers, volume and time stamp. Due to disc space considerations the flow log files are kept for a maximum of 14 days.

Traffic Monitoring

Authorised personnel may monitor Poynton Workmens Club's backbone or specific segments for the following:

- Protocols and applications in use
- Sources and destinations traffic patterns
- Performance metrics
- Bytes sent and received per router and switch interface
- Errors per router and switch interface
- Failure conditions

Statistical records are retained for as long as they are deemed useful. Under exceptional circumstances, i.e., to help investigate incidents or fault conditions, specific interactions between endpoints may be monitored and recorded for analysis. Records are retained for as long as the incident or fault is active, after which time all records are destroyed.

Intrusion Detection Systems

Poynton Workmens Club's backbone network incorporates several Intrusion Detection Systems (IDS) that are used to identify malicious activity, including local compromised hosts, and to derive additional backbone router security filters. These systems continually look for recognisable signatures of common attack profiles, e.g., CodeRed, Nimda etc. When a signature is recognised an event is logged providing details of the signature, e.g., source IP address, destination IP address, source port, destination port and suspect payload. Intrusion Detection Systems produce extensive logs, which require detailed scrutiny to reliably identify malicious activity. IDS logs are retained for short periods.

Active Scanning

Authorised personnel may perform active scanning of network segments to identify vulnerabilities and/or compromised hosts.
Authorised personnel must exercise due diligence when performing any scanning activity; in particular, authorised personnel must:

- Inform the network and systems administrators responsible for the systems on a segment of the planned scan activity and provide the following:
  - Schedules, including time and duration of scans
  - Systems performing the scan (IP addresses)
  - Object of the scan, i.e., vulnerabilities to be tested
- Take reasonable steps to ensure the continued operation or functionality of any system being scanned
- Identify systems with vulnerabilities to the relevant system administrators

Records from active scans will be kept to help identify areas where actions associated with other Poynton Workmens Club Policies may be required. Users of the flexible access facilities should note that active scanning would apply to any personal system connected to those facilities. Any user who considers this condition unacceptable should not connect their system to the flexible access facilities.
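Returning to the flow collectors described under Network Monitoring, the following added example (not the Club's own collector software) shows the kind of processing the policy permits on flow records: an alert on unusual activity derived from volume data alone, and a purge that enforces the 14-day retention limit. The record layout, the alert thresholds and the sample flows are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FLOW_RETENTION = timedelta(days=14)  # the policy's maximum for flow log files

# Constructed records in the field order the policy lists; no payload is held.
# (timestamp, source IP, destination IP, source port, destination port, bytes)
SAMPLE_FLOWS = [
    ("2013-04-02T09:15:00", "10.0.0.5", "192.0.2.20", 51000, 443, 3200),
    ("2013-04-02T09:15:20", "10.0.0.7", "192.0.2.20", 51001, 443, 4800),
] + [
    # A burst: 40 distinct sources hitting one host within the same minute.
    ("2013-04-02T09:16:%02d" % (i % 60), "198.51.100.%d" % (i + 1),
     "192.0.2.10", 40000 + i, 80, 60)
    for i in range(40)
]


def dos_alerts(flows, min_sources=20, min_flows=100):
    """Group flows by (minute, destination) and flag hosts that many distinct
    sources hit at once, the shape of a distributed flood as seen in flow data.
    Thresholds are assumed values a site would tune to its own traffic."""
    groups = defaultdict(lambda: {"sources": set(), "flows": 0, "bytes": 0})
    for ts, src, dst, _sport, _dport, nbytes in flows:
        g = groups[(ts[:16], dst)]  # "YYYY-MM-DDTHH:MM" is the minute window
        g["sources"].add(src)
        g["flows"] += 1
        g["bytes"] += nbytes
    alerts = []
    for (minute, dst), g in sorted(groups.items()):
        if len(g["sources"]) >= min_sources or g["flows"] >= min_flows:
            alerts.append({"minute": minute, "destination": dst,
                           "sources": len(g["sources"]),
                           "flows": g["flows"], "bytes": g["bytes"]})
    return alerts


def purge_expired(flows, now):
    """Drop flow records older than the 14-day retention limit."""
    cutoff = now - FLOW_RETENTION
    return [f for f in flows if datetime.fromisoformat(f[0]) >= cutoff]


if __name__ == "__main__":
    for alert in dos_alerts(SAMPLE_FLOWS):
        print("possible flood:", alert)
    kept = purge_expired(SAMPLE_FLOWS, datetime(2013, 4, 20))
    print("records kept after 14-day purge:", len(kept))
```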