UNIT 3: Assignment: 1
Remote Access Control Policy
The purpose of this policy is to define standards for connecting to Richman Investment’s network from any host. These standards are designed to minimize the potential exposure of Richman Investment’s to damages which may result from unauthorized use of Richman Investment’s resources. Damages include the loss of sensitive or company confidential data, intellectual property, damage to public image, damage to Richman Investment’s internal systems, etc.
This policy applies to all of Richman Investment’s employees, contractors, vendors and agents with a Richman Investment’s owned or ...view middle of the document...
3. Please review the following policies for details of protecting information when accessing the corporate network via remote access methods, and acceptable use of Richman Investment’s network:
a. Acceptable Encryption Policy
b. Virtual Private Network (VPN) Policy
c. Wireless Communications Policy
d. Acceptable Use Policy
4. For additional information regarding <Company Name>'s remote access connection options, including how to order or disconnect service, cost comparisons, troubleshooting, etc., go to the Remote Access Services website.
3.2 Requirements1. Secure remote access must be strictly controlled. Control will be enforced via one-time password authentication or public/private keys with strong pass-phrases. For information on creating a strong pass-phrase see the Password Policy.
2. At no time should any Richman Investment’s employee provide their login or email password to anyone, not even family members.
3. Richman Investment’s employees and contractors with remote access privileges must ensure that their Richman Investment’s -owned or personal computer or workstation, which is remotely connected to Richman Investment’s corporate network, is not connected to any other network at the same time, with the exception of personal networks that are under the complete control of the user.
4. Richman Investment’s employees and contractors with remote access privileges to Richman Investment’s corporate network must not use non- Richman Investment’s email accounts(i.e., Gmail, Hotmail, Yahoo, AOL), or other external resources to conduct Richman Investment’s business, thereby ensuring that official business is never confused with personal business.
5. Routers for dedicated ISDN lines configured for access to the Richman Investment’s network must meet minimum authentication requirements of CHAP.
6. Reconfiguration of a home user's equipment for the purpose of split-tunneling or dual homing is not permitted at any time.
7. Frame Relay must meet minimum authentication requirements of DLCI standards.
8. Non-standard hardware configurations must be approved by Remote Access Services, and Info Sec must approve security configurations for access to hardware.
9. All hosts that are connected to Richman Investment’s internal networks via remote access technologies must use the most up-to-date anti-virus software (place URL to corporate software site here), this includes personal computers. Third party connections must comply with requirements as stated in the Third Party Agreement.
10. Personal equipment that is used to connect to Richman Investment’s networks must meet the requirements of Richman Investment’s -owned equipment for remote access.
11. Organizations or individuals who wish to implement non-standard Remote Access solutions to the Richman Investment’s production network must obtain prior approval from Remote Access Services and InfoSec.
Any employee found to have violated this policy may be subject to...